A number of Home & Office Computer Solutions’ Port Macquarie-based business clients have had their Web-based email services hacked recently.
Once the hackers have gained access, a copy of any emails the victim receives is sent to the hackers – without the victim knowing that it’s happened.
So, here’s what happens if you are targeted:
First, the hackers email your clients and ask them to change your direct deposit bank details to theirs. So, when your client pays the invoice, the money goes directly to the hackers’ account instead of yours.
Next, the hackers insert their bank deposit details in place of yours in any new invoices you send out. That’s right, the hackers are able to divert your emails, edit your PDF invoices and on-forward them to your customer.
Finally, posing as you, they email your clients and advise them to ignore any previous invoices (those with your bank details) and tell them to note the (hackers’) new bank account details.
This is one of the more recent scams targeting businesses. You might recall that in February I warned the local business community that a ransomware attack had cost a Mid-North Coast accountancy firm $25,000 to have their files unlocked, while a local medical specialist paid a ‘ransom’ of $1800 to retrieve patient files, an auto parts store owner forked out over $3000, and a share trader $800.
There’s no end to these costly attacks. Business owners can’t afford not to be vigilant!
Bigpond, Outlook accounts targeted
The hackers’ accounts are based in Hong Kong.
Fortunately, none of my local clients have lost money, thanks to the recipients’ vigilance. But, I have no doubt many other Aussie businesses have been ‘stung’.
The email addresses I’ve seen affected were @bigpond.com and @outlook.com.
There’s no suggestion either Bigpond (Telstra) or Outlook (Microsoft) is at fault: how the hackers are accessing their victims’ email accounts is still unknown.
Although I have mentioned Port Macquarie-based businesses, anyone could be affected.
Nor is this restricted to small businesses: in fact, larger businesses could conceivably be at higher risk due to their higher volume of invoices.
Protecting your money is simple and quick
So, what can you do to protect your hard-earned money?
First, immediately check your email forwarding settings. These can be accessed by logging into your web mail system and checking ‘forwarding’ for evidence your emails are being forwarded without your knowledge.
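For anyone who looks after several mailboxes, the same check can be scripted. The sketch below is an added example, not something from Home & Office Computer Solutions: it assumes the inbox rules have been exported in the JSON shape Microsoft Graph uses for `messageRules`, and the sample rules, addresses and function names are constructed for illustration. It covers inbox rules only, so the ‘forwarding’ settings page still needs to be looked at by hand.

```python
# Constructed sample: inbox rules in the JSON shape Microsoft Graph returns for
# GET /me/mailFolders/inbox/messageRules. Every name and address is made up.
def _to(*addrs):
    return [{"emailAddress": {"address": a}} for a in addrs]

SAMPLE_RULES = [
    {"displayName": "Receipts to bookkeeper", "isEnabled": True,
     "conditions": {"subjectContains": ["receipt"]},
     "actions": {"forwardTo": _to("bookkeeper@example.com")}},
    {"displayName": ".", "isEnabled": True, "conditions": None,
     "actions": {"forwardTo": _to("copy-box@example.net"), "stopProcessingRules": True}},
    {"displayName": "Invoices", "isEnabled": True,
     "conditions": {"subjectContains": ["invoice", "payment"]},
     "actions": {"forwardAsAttachmentTo": _to("Billing@Example.org"), "delete": True}},
    {"displayName": "Old forward", "isEnabled": False, "conditions": None,
     "actions": {"redirectTo": _to("old@example.org")}},
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"senderContains": ["newsletter"]},
     "actions": {"markAsRead": True}},
]

FORWARD_ACTIONS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
HIDING_ACTIONS = ("delete", "permanentDelete", "markAsRead", "moveToFolder")

def unexpected_forwards(rules, known_addresses):
    """Return one finding per enabled rule that sends mail to an unrecognised address."""
    known = {a.lower() for a in known_addresses}
    findings = []
    for rule in rules:
        if not rule.get("isEnabled", True):
            continue  # disabled rules do not forward anything right now
        actions = rule.get("actions") or {}
        targets = sorted({
            r.get("emailAddress", {}).get("address", "").lower()
            for name in FORWARD_ACTIONS for r in actions.get(name) or []
        } - known)
        if targets:
            findings.append({
                "rule": rule.get("displayName", ""),
                "sends_to": targets,
                # No conditions means the rule fires on every incoming message.
                "all_mail": not rule.get("conditions"),
                # Actions that keep the original out of the owner's sight.
                "hides_mail": any(actions.get(a) for a in HIDING_ACTIONS),
            })
    return findings

if __name__ == "__main__":
    for f in unexpected_forwards(SAMPLE_RULES, ["bookkeeper@example.com"]):
        print(f)
```

A rule that fires on all mail, or one that forwards invoice-related messages and then deletes them, is the pattern to treat as urgent.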
Where possible, I recommend two-factor authentication to secure your online services. If you need more information or technical assistance on using two-factor authentication, please call me on 6583 9290.
If you think you may have been a victim, have any concerns, or just need advice on anything I’ve touched on in this post, call your Internet Service Provider or contact me at Home & Office Computer Solutions and I’ll organise a quick check-up. Remember “We Come to You”.