Plain Talk About Hacking

“Help. I’ve received an email from our business email that says a Contract agreement has been shared with you. Please review and return signed copy in email. We are not expecting a contract. I think we’ve been hacked.”

Neither your domain nor email are hacked.  This is an increasingly common approach called email spoofing.

It is important to be skeptical of unsolicited emails appearing to be sent from your business email accounts.

We see this as well with our domain.  We see spammers / hackers send emails between team members that appear to be from me and my email asking for me to pay invoices.  They often use the word “kindly” like please kindly pay this invoice.  That word is a red flag (not just because are jerks and don't use that word), but in India and Asia, where most of this originates, they think this is being polite and will maximize their scheme.

They are not actually sending it from your domain, nor email server, but using a sender address that makes it appear that they are sending it from your domain.  Here is an article about email spoofing on the FBI website: https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/spoofing-and-phishing

The FBI recommends you do the following to protect yourself:

• Remember that companies generally don’t contact you to ask for your username or password.
• Don’t click on anything in an unsolicited email or text message. Look up the company’s phone number on your own (don’t use the one a potential scammer is providing), and call the company to ask if the request is legitimate.
• Carefully examine the email address, URL, and spelling used in any correspondence. Scammers use slight differences to trick your eye and gain your trust.
• Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
• Set up two-factor (or multi-factor) authentication on any account that allows it, and never disable it.
• Be careful with what information you share online or on social media.
• By openly sharing things like pet names, schools you attended, family members, and your birthday, you give a scammer all the information they need to guess your password or answer your security questions.

Of course, turn to Unleaded for a full review of the protections we can implement on your server and hosting to minimize such hacking. Contact Unleaded.Digital today! Email Jarod at jarod@unleaded.digital.