Recent Phishing attacks. This week, we have had 2 clients affected by the same phishing attack. In both cases, the person received an email indicating that they have received a fax and need to click a link in the email to view that fax. After clicking the link, they were asked to enter their email address and email password. After that, nothing appeared on their screen. But what happened behind the scenes is that the scammer now has their email address and password. The scammer then logged into that person’s email account and set up a rule to forward all incoming emails to an email address apparently accessible to the scammer.  This will allow the scammer to access your email even after you have changed your password.  We suspect that the scammers will be reading your email hoping to obtain more passwords and financial information. Below we have an actual email received by one of our clients this week.  One big clue that it’s a questionable email is when the mouse has hovered over the link you can see the crazy URL is “candybox.com.co”.   Don’t Click It!
Phishing attempts are on the rise and getting serious.

What should you do? First, check to see if any rules have been added to your email account. While viewing your inbox in Outlook, you should see an option in the upper right named Rules. Click on Rules and then select Manage Rules and Alerts. This will list all rules for your email account. If you see any rules that you did not create, then you may have been a victim to this scam. If this is the case, then delete any rules that you did not create and change your email password immediately. Also, if you use that same password for anything else, change the password for those systems as well.

How to Keep It Safe

• Always be on guard. Anytime you receive and email that you were not expecting, think twice (or maybe three times) before clicking any link or opening an attachment. Check with the sender by phone or by a separate email (don’t reply to the one you just received) asking if they in fact did send you the email in question. 
• Check the links before you click. When you hover the mouse over a link, it will reveal its true identity. In the example email above, the link claims to be “Preview FiIe.pdfl Now”. But when you hover over the link it shows its real identity. This is a big clue not to click that link.
• Don’t use the same password. Be careful not to use the same password for all things. Keep commonly used passwords different from passwords that are used to access bank accounts, credit cards or other places where people can gain access to spending your money. Yes, it is a pain to maintain separate passwords, but it will be a much bigger pain when your bank account is empty and your identity has been stolen. You must protect yourself because the bad guys are always looming in the shadows waiting for you to slip up.