Data Breach – Further Information

A note about “Spoof” emails: The use of “Spoof” emails to attempt to carry out online fraud is a common technique employed by Cyber Criminals. Fraudsters will send e-mails which appear to be from a sender known to the recipient, but which are designed to trick the recipient in to either giving away passwords, or downloading “malware” (a computer programme designed to compromise the user’s computer in a variety of ways).

In April 2018 a number of contacts of the firm were sent an e-mail by persons unknown, and which emanated from the internet-based “WeTransfer” file-sharing page. So far as we are aware, these e-mail addresses were accessed as result of Mrs. Malloy’s Outlook email account being accessed by unauthorised external parties. Those persons have elected to use your data unlawfully.

We have never used the “WeTransfer” service and as a firm we would never ordinarily request that our clients or other contacts click on a third-party link to access work-related files, without specifically discussing this in person.
The principal purpose of the scam using WeTransfer is to fool recipients in to giving away password details. See for instance here:
https://www.onlinethreatalerts.com/article/2015/10/5/phishing-scam-someone-has-sent-you-a-file-via-wetransfer/ where the author reports that when recipients click on the link they are asked to input Outlook/other details in order to access the WeTranfer documents. Instead, the third party now has access to email account information and passwords.

See also:
https://tonywebster.com/2018/02/wetransfer-security/ – this article from February 2018 explains what the author claims are inherent vulnerabilities in the WeTransfer system
https://wetransfer.zendesk.com/hc/en-us/articles/208554176-Phishing-attempts-and-weird-WeTransfer-imitations – here the file sharing site WeTransfer offer their own explanations and advice. We have as their site suggests reported this incident to them.
It seems to us likely that WeTransfer have themselves de-activated or removed the linked documents. Thus if you did click on the link you may have just seen a message saying that the document has been deleted. See below however for recommended further steps.

What to do if you have clicked on the link

We have been working with our IT support to provide you with what steps you should take if you have clicked on the link provided and they have advised the following.

Note that in all cases, you should first delete the e-mail and run a virus scan using an up to date reliable virus scanning programme, and refrain from accessing any banking websites until you have done so. It is also good housekeeping to ensure that your general operating system is up to date.

1. If after clicking on the link it took you to a webpage asking you to input your credentials, and if you did enter those details, please change your passwords immediately. You might consider doing so using an alternative machine.

It is advisable to change your passwords regularly and when choosing your new passwords, use at least 12 characters made up of capital letters, numbers and other symbols.

• Different accounts need different passwords. Hackers can use one password to access all your accounts if you have used that one password across the board.
• Do not share your password.
• Do not fall for phishing – approach your emails will scepticism.
• Never click on links which seem suspicious – you can copy embedded links and paste them into your browser window, and this will outline exactly where that link is going to take you and will give you a better idea as to whether it is genuine or not.
• Always keep your software up to date, especially virus-checking software

2. If you clicked on the link and nothing seemed to happen, or you didn’t click on the link and instead deleted the e-mail, ensure the e-mail has been deleted and run a virus scan as mentioned above.

We would always recommend that you take independent advice from a qualified specialist sufficiently knowledgeable and experienced in these matters.

Further steps

Cyber security is a global problem which has affected very many organisations, both large and small – and the individuals whose data falls into the wrong hands.

Because of the inherent risk in e-mail correspondence, we NEVER ask you to send us by e-mail confidential information such as bank details, and we NEVER provide our own bank details to you in this way either. Hence it is unlikely that there is any data in the e-mail correspondence between us that puts you or this firm at financial risk. However, we recommend that you review your e-mail correspondence with us to check that this is indeed the case.

How you can protect yourself

If you receive an email from an organisation you have previously dealt with but it comes somewhat out of the blue, please contact that organisation using an independently verified telephone number (i.e. Google the details of the organisation) to ensure the email is genuine.
Think twice before clicking on any links, especially if you haven’t dealt with that organisation for a while/ever.

What to look out for in a phishing email

• Impersonal greetings
• Scant information provided
• Poor spelling/grammar
• Incorrect email addresses (look carefully, often the difference is difficult to spot)
• Attachments asking you for your log in details and passwords

Please see the following links for further details about cyber crime

http://www.sra.org.uk/consumers/problems/fraud-dishonesty/scams.page
https://www.met.police.uk/advice-and-information/fraud/
https://actionfraud.police.uk/

If you have any queries or would like to discuss this matter further please do not hesitate to contact Simon Quilley 01684 563 318.
We do emphasise however that we have taken steps to ensure that our systems and processes are secure.