This morning we have been notified of a new phishing email that is circulating and has the appearance of coming from Dropbox. If you receive an email with the below information it is recommended that you delete it immediately.
- It may come from an email address that is familiar to you and/or come from someone you know
- The email states “I have just send you an Important document via Drop-box. Click here to view it”
- The link takes you to a page that looks very much like a Dropbox notification, using their formatting and imagery, however the url is not from dropbox.com
- It will ask you to sign in with your email provider credentials. This information would then be logged and used by them to access your email account
- Please delete this email
Please remember that it is important to not open suspicious attachments or links on suspicious emails. “Suspicious” can be defined as:
- An attachment that looks like a zip file, or contains a suspicious links (harmful zip files are often small in size)
- From someone you have not done business with, however this is not always the case
- An email address or url is from someone you do not know or is unusual
- An email address that does not match the email signature
- A subject line not relevant to the work that you do, or you are being sent information you did not ask for
- Never enter your credentials (user names or passwords) by request
If in doubt delete the email.
If you have any questions, feel free to contact our Technical Support Team on 07 957 2657.
IT Partners | Phishing warning – the story
On 1 December we emailed you with a warning about a phishing email that is enticing users to enter their Cloud/Email account user credentials.
This is because we got the call we all dread in IT, “I’m calling because I don’t know who else to call, we may have been hacked”, now to be clear this call was not from one of our day to day clients, but someone who knew our reputation for solving problems and getting stuff done. However this story needs to be a reminder to us all.
This is what happened:
- User enters credentials – The User was enticed to enter their username and password for Office365 / Drobox / Gmail account
- Email Account hacked – Perpetrators immediately take those credentials and access the users email account
- Removing the evidence of hack – Perpetrators install a number of rules, so that emails to the user saying they are have been hacked are deleted, other emails are forwarded
- Impersonation of User for Financial gain – They then carefully and skilfully impersonate the user by sending an internal email to the Finance department asking to transfer funds (along with a change of bank account). The target of this attack was well thought out, and seemingly chosen for the relationship they would have with the Finance department
In this case the transfer of funds was identified and stopped as they had an internal process which required a paper form to be signed, however anecdotal evidence is that other firms have not been so lucky, and hackers have been successful in obtaining funds.
So what can you do to protect yourself:
- Pick up the phone – if you are in doubt about an email you have received, call the sender
- Good internal processes – have good systems and internal controls, especially around who can change bank account details of employees and suppliers
- Two Factor Authentication – implement on key systems, such as you accounting system, cloud services and banking systems. Xero recently added the functionality to do this, look at this blog post to implement
- OpenDNS & SMX – Ensure you have systems like OpenDNS and SMX that have real time capability to detect and block sites and/or emails of this nature
- Educate users – ensure your users really stop and think about the situations in which they are asked to enter credentials
- Passwords – DON’T use the same passwords on multiple systems. Make your passwords secure
- Cyber Insurance – consider Cyber Insurance, read Andrew’s blog.