We’ve seen a recent wave of phishing attacks that try to trick you into opening “secure document links”. This is a scam you need to be aware of and take steps to avoid.
Here’s how the scam goes:
You receive an email that looks like it is a DocuSign or EchoSign or Secure Adobe PDF notification with an important document link on Dropbox or Google Drive that needs to be looked at. The bad guys try to trick you into opening the link….but when you do, you get redirected to a spot asking to to type in your email password and potentially also download a virus to your computer.
After you have clicked on the link and given this scammer your email information, they try to login to your email account – potentially up to a few weeks later – giving you a false sense of security that nothing really happened. Once they gain access to your email account, they create an email to go out to all of your contacts with the same fake secure document link to try to get your contacts to do the same thing you did. Not only that, but the hacker will often create a rule in your email to delete any new incoming email with keywords inside of it so that you will not receive any emails back from your friends saying “you’ve been hacked!”
What to do:
When you receive this type of document, which you did not ask for, and it’s from someone you do not know, be very cautious and if you want to be sure, delete the email. If it looks like it comes from someone you do know, pick up the phone, use a phone number you know is valid (not a phone number from the suspicious email itself), and verify if this actually was sent by them and what the purpose was.
What to do if you have fallen victim to the scam:
Have your email account password reset, and have your computer checked out by a professional to make sure you do not have a virus.
Consider taking extra security measures to lock down your email account:
Most email accounts nowadays (from Microsoft, Google, and others) allow you to turn on a 2 step login process. This 2 step process sends a code to your cell phone anytime someone tries to login to your email account. We HIGHLY recommend that you turn this on. If you need help on how to do this, feel free to give us a call or email.
Thanks for reading and for your continued business.