This threat comes via email,
It looked pretty legitimate,
Subject “Please see the attached”
Content only has the letters “FYI”
It then had the Sending business signature (or similar) – looks like the real thing.
and the email had a PDF Attached
WARNING – BE CAUTIOUS.
We at Web South only found out about this threat when we received an email from a local business. (we were on thier address book).
So! what’s it all about
First off – the email is likely to come from a business you know,
Although the email was a little cryptic it is not unusual.
Trying to open the PDF attachment will take you to a website asking you to enter info so you can read the PDF (claimed to be secure)
What happens apparently (told by the local business who sadly was caught by this)
is that it then copies the email addresses of your contact list, (and presumably does the same – sending emails to them)
And additionally it alters your internet settings so you can not receive any more emails (presumably to stop people sending an alert to you, or perhaps so you don’t get the email back from someone else again – which might make you suspicious).
It is also possible that other things happen , such as your information is stolen, subsequent offers to get your email working or threats to release your data – but at this stage this is unknown.
What is interesting is that the business signature in the email is ALMOST the same,
The phone number to contact has the last digit altered.
I presume so that if you do go to phone to verify that the person sent it – and you can’t reach them – you are still more likely to get caught.
AND as a double insurance – if you personally get hit – you would try use that number to contact the person to warn them of the issue.
SO – DO NOT RELY ON THE SIGNATURE INFORMATION. Go check thier website for details there.
(a further warning is that if the thieves have gotten this far they may also have access to the website, and alter the details there too)
If you get caught by following the email, it is imperative that you contact everyone on your email address book and warn them of the breach.
You may wish to read more about if you need to report the problem to the Government watchdogs.
The Sydney Morning Herald has an article about this
“Mandatory data breach reporting starts for small business” (published 20th Feb 2018)
and there is more reading here:
Australian Government – Office of the Australian Information Commissioner (OAIC)
where you can research if you have a notifiable breach and can also report it there
Web South would also like to alert you to check that if you use the Adobe PDF Reader that you check that it has the latest version (as we notice there is a new security update available).
You can do this by opening Adobe Acrobat Reader (DC) going to the menu and click on “Help”, and then “Check for Updates”.
One last comment!
If you get caught by an email coming from someone you know, try make an effort to alert them,
and also – please don’t be nasty about it to them, after all – you got caught too.