A note about “Spoof” emails: The use of “Spoof” emails to attempt to carry out online fraud is a common technique employed by Cyber Criminals. Fraudsters will send e-mails which appear to be from a sender known to the recipient, but which are designed to trick the recipient in to either giving away passwords, or downloading “malware” (a computer programme designed to compromise the user’s computer in a variety of ways).
In April 2018 a number of contacts of the firm were sent an e-mail by persons unknown, and which emanated from the internet-based “WeTransfer” file-sharing page. So far as we are aware, these e-mail addresses were accessed as result of Mrs. Malloy’s Outlook email account being accessed by unauthorised external parties. Those persons have elected to use your data unlawfully.
We have never used the “WeTransfer” service and as a firm we would never ordinarily request that our clients or other contacts click on a third-party link to access work-related files, without specifically discussing this in person.
The principal purpose of the scam using WeTransfer is to fool recipients in to giving away password details. See for instance here:
https://www.onlinethreatalerts.com/article/2015/10/5/phishing-scam-someone-has-sent-you-a-file-via-wetransfer/ where the author reports that when recipients click on the link they are asked to input Outlook/other details in order to access the WeTranfer documents. Instead, the third party now has access to email account information and passwords.
https://tonywebster.com/2018/02/wetransfer-security/ – this article from February 2018 explains what the author claims are inherent vulnerabilities in the WeTransfer system
https://wetransfer.zendesk.com/hc/en-us/articles/208554176-Phishing-attempts-and-weird-WeTransfer-imitations – here the file sharing site WeTransfer offer their own explanations and advice. We have as their site suggests reported this incident to them.
It seems to us likely that WeTransfer have themselves de-activated or removed the linked documents. Thus if you did click on the link you may have just seen a message saying that the document has been deleted. See below however for recommended further steps.
We have been working with our IT support to provide you with what steps you should take if you have clicked on the link provided and they have advised the following.
Note that in all cases, you should first delete the e-mail and run a virus scan using an up to date reliable virus scanning programme, and refrain from accessing any banking websites until you have done so. It is also good housekeeping to ensure that your general operating system is up to date.
1. If after clicking on the link it took you to a webpage asking you to input your credentials, and if you did enter those details, please change your passwords immediately. You might consider doing so using an alternative machine.
It is advisable to change your passwords regularly and when choosing your new passwords, use at least 12 characters made up of capital letters, numbers and other symbols.
2. If you clicked on the link and nothing seemed to happen, or you didn’t click on the link and instead deleted the e-mail, ensure the e-mail has been deleted and run a virus scan as mentioned above.
We would always recommend that you take independent advice from a qualified specialist sufficiently knowledgeable and experienced in these matters.
Cyber security is a global problem which has affected very many organisations, both large and small – and the individuals whose data falls into the wrong hands.
Because of the inherent risk in e-mail correspondence, we NEVER ask you to send us by e-mail confidential information such as bank details, and we NEVER provide our own bank details to you in this way either. Hence it is unlikely that there is any data in the e-mail correspondence between us that puts you or this firm at financial risk. However, we recommend that you review your e-mail correspondence with us to check that this is indeed the case.
If you receive an email from an organisation you have previously dealt with but it comes somewhat out of the blue, please contact that organisation using an independently verified telephone number (i.e. Google the details of the organisation) to ensure the email is genuine.
Think twice before clicking on any links, especially if you haven’t dealt with that organisation for a while/ever.
• Impersonal greetings
• Scant information provided
• Poor spelling/grammar
• Incorrect email addresses (look carefully, often the difference is difficult to spot)
• Attachments asking you for your log in details and passwords
Please see the following links for further details about cyber crime
If you have any queries or would like to discuss this matter further please do not hesitate to contact Simon Quilley 01684 563 318.
We do emphasise however that we have taken steps to ensure that our systems and processes are secure.