Dangerous scam active right now

We have all seen them: emails from friends or family that, even at the briefest of glances, appear “off”.

But we get lazy and answer them. Or, in the case of a spam email that offers an Unsubscribe button, we get angry, click Unsubscribe and add an insulting note explaining why we don’t want to be contacted again.

However, absentmindedly replying to an email from a friend who is unexpectedly asking for money, or clicking an unsubscribe button from a company you’ve never heard of, can cost you thousands of dollars.

Right now this is especially true for businesses in the building trade or real estate in Australia. If you work in these areas, please keep reading. If you know anyone who does, send them this article. Even if you don’t, read on and tell everyone, because this is not theoretical: it happened to one of our clients, and if your password is weak it can happen to you as well.

Roughly speaking, this is how it works.

You get a spam email, either from a company you’ve never heard of or (seemingly) from a friend or colleague. It asks a random question, claims you’ve missed a payment or warns that a licence is about to expire. It usually asks you to click a link or, in the case of the “friend”, to reply.

You reply or click Unsubscribe. Either way the message goes to the scammer and does two things for them: it confirms that your address is live and read by a real person, and the headers that travel with every email (invisible unless you go looking for them) reveal which provider handles your mail and which mail program you use. With that, the scammer points an automated password-guessing tool at your account. The weaker the password, the faster it falls.

Once the password is guessed, the tool hands the details to some lowlife sitting behind a desk, who logs in. From then on they can watch the account, intercept any email they like and reply to it, and it all looks as if it came from you.
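The “embedded and mainly invisible data” is the header block that every email carries. The script below is an added example and is not part of the original article; the sample reply it parses is constructed, and every hostname, address and ID in it is invented. It shows what one reply hands the scammer before a single password has been tried: a confirmed live address, the provider and its authenticated submission server (the server that will accept a password guess for that account), the sender’s public IP address and the mail program. None of this contains the password; it tells the attacker where to point the guessing tool.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: the raw headers of a reply as they would land in the
# scammer's mailbox. Every hostname, address and ID here is invented.
SAMPLE_REPLY = """\
Received: from mail04.syd.example-isp.net.au (mail04.syd.example-isp.net.au [203.0.113.10])
\tby mx.scammer.example (Postfix) with ESMTPS id 1A2B3C
\tfor <offers@scammer.example>; Thu, 05 Oct 2023 09:12:44 +1100
Received: from [192.168.1.20] (unknown [198.51.100.7])
\tby mail04.syd.example-isp.net.au (Postfix) with ESMTPSA id 9Z8Y7X
\tfor <offers@scammer.example>; Thu, 05 Oct 2023 09:12:43 +1100
From: Mary <mary@example-isp.net.au>
To: offers@scammer.example
Subject: Re: Unsubscribe request
Message-ID: <F1E2D3C4-0001@mary-imac.local>
X-Mailer: Apple Mail (2.3731.700.6)

Please remove me from your list.
"""


def leaked_details(raw_message: str) -> dict:
    """Pull out what a reply tells an attacker before any password is tried."""
    msg = email.message_from_string(raw_message)
    _, address = parseaddr(msg.get("From", ""))
    # Each relay prepends its own Received header, so the LAST one is the
    # first hop: the server the victim's own mail program handed the message to.
    hops = [" ".join(h.split()) for h in msg.get_all("Received", [])]
    first_hop = hops[-1] if hops else ""
    by_match = re.search(r"\bby\s+([A-Za-z0-9.-]+)", first_hop)
    # ESMTPSA / ESMTPA means the mail program logged in to that server with
    # the account password, so that is the server a guessing tool will target.
    authenticated = re.search(r"\bwith\s+E?SMTPS?A\b", first_hop) is not None
    client_ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]\)", first_hop)
    return {
        "address": address,
        "address_is_live": True,  # a person replied, so the mailbox is read
        "provider_domain": address.partition("@")[2],
        "submission_host": by_match.group(1) if by_match else None,
        "authenticated_submission": authenticated,
        "client_public_ip": client_ip.group(1) if client_ip else None,
        "mail_client": msg.get("X-Mailer") or msg.get("User-Agent"),
    }


if __name__ == "__main__":
    for key, value in leaked_details(SAMPLE_REPLY).items():
        print(f"{key:>24}: {value}")
```

Run it with python3 and paste in a raw message of your own (most mail programs have a “show original” or “view source” option) to see what your replies give away. The point is not that the headers can be hidden, since the mail system needs them, but that a reply is never “free”.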

The following is a real world example:

Mary received an email from a “friend”.

Mary replied to the email.

The reply went to the scammer, who used the header data to identify the account, guessed the password with an automated tool and logged in to her email.

A few days later, while the scammers were watching her account, Mary received an email with a PDF attached from a builder who was doing renovations for her at the time. This email was legitimate and expected.

Mary forwarded this email, with the PDF attached, to her business partner.

Because they had access, the scammer intercepted this email, edited the PDF so that it showed their own bank account, then sent it on to her business partner, seemingly from Mary. All within 2 hours.

The business partner saw the PDF and paid the bill using the BSB and account number in it.

$36,000 went to the scammer account.

So what can we do to stop this?

Changing your password is the easiest and fastest thing you can do, but it has to be a real change: don’t just add a 2 to the end of your current password.

A colleague of mine says a good rule of thumb is that the best password is one you cannot remember. To that end, a password generator like the one built into Keychain is a good option. You’ll find it in the Utilities folder, as Keychain Access. Once open, choose New Password Item from the File menu. Don’t worry about the fields it wants filled in; just click the key icon and use the slider to set the length. Once you have something that looks secure, copy it or record it somewhere safe and update your account, but more on that below.

There is also a password generator at LastPass.

If you’d rather not have a password that looks like a cat walked across your keyboard, you can invent your own and test it. I wrote an article a little while back that contains a link to do just that. You can find that here. One caution: test a candidate, not a password you are already using. Anything you type into somebody else’s website should be treated as known to them, so check the new one, then change to it.
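The rule of thumb above, and the warning about adding a 2, can be checked on your own machine rather than by typing a password into someone else’s website. The following script is an added example, not from the original article and not the code behind Keychain or LastPass; its word list, its “one step from the old password” rules and its guessing rates are constructed assumptions. It generates a password the way those tools do (from the system’s secure random source), flags passwords built on a dictionary word, and shows why a one-character change to a password that has already been guessed buys nothing.

```python
import math
import secrets
import string

# Full printable-ASCII pool, the same kind of pool a generator such as
# Keychain Access's uses.
POOL = string.ascii_letters + string.digits + string.punctuation

# Constructed, deliberately tiny word list standing in for the dictionaries
# that password-guessing tools ship with (those hold millions of entries).
COMMON_WORDS = {"summer", "password", "welcome", "canberra", "footy", "qwerty"}


def generate_password(length: int = 20) -> str:
    """Uniform random password from the OS secure generator (secrets)."""
    if length < 12:
        raise ValueError("12 characters is the floor for a generated password")
    return "".join(secrets.choice(POOL) for _ in range(length))


def dictionary_base(password: str):
    """The list word a password is built on, or None.

    Mirrors the cheapest guessing rule: take a word, capitalise it, append
    digits or symbols. 'Summer2023' collapses to 'summer'."""
    core = password.rstrip(string.digits + string.punctuation).lower()
    return core if core in COMMON_WORDS else None


def trivial_variants(old: str) -> set:
    """Passwords a guessing tool tries first once `old` is known: one
    character appended, the last digit bumped, the last character dropped,
    the first letter's case flipped (assumed rule set, not a real tool's)."""
    out = {old + c for c in POOL}
    if old and old[-1].isdigit():
        out.add(old[:-1] + str((int(old[-1]) + 1) % 10))  # 2023 -> 2024
    out.add(old[:-1])
    out.add(old.swapcase()[0] + old[1:] if old else old)
    return out


def is_real_change(old: str, new: str) -> bool:
    """False when `new` is something a tool derives from `old` in one step."""
    return new != old and new not in trivial_variants(old)


def entropy_bits(password: str) -> float:
    """Bits if every character were chosen uniformly from the classes present.
    Exact for generate_password() output, an overestimate for anything typed."""
    classes = [
        (any(c.islower() for c in password), 26),
        (any(c.isupper() for c in password), 26),
        (any(c.isdigit() for c in password), 10),
        (any(c in string.punctuation for c in password), len(string.punctuation)),
    ]
    pool = sum(size for present, size in classes if present)
    return len(password) * math.log2(pool) if pool else 0.0


def guesses_needed(password: str) -> float:
    """Worst-case guesses. Word-plus-suffix passwords cost (list size) times
    (every digit/symbol suffix of that length); anything else costs the pool."""
    base = dictionary_base(password)
    if base is not None:
        suffix_pool = len(string.digits + string.punctuation)
        return len(COMMON_WORDS) * suffix_pool ** (len(password) - len(base))
    return 2 ** entropy_bits(password)


def time_to_guess(password: str, guesses_per_second: float) -> float:
    """Seconds to exhaust the space. Assumed rates: about 10/s for online
    guessing against a mail server with no lockout, about 1e10/s for a GPU
    working on a leaked password hash offline."""
    return guesses_needed(password) / guesses_per_second


if __name__ == "__main__":
    old, lazy, strong = "Summer2023", "Summer20232", generate_password()
    print("generated:", strong, f"({entropy_bits(strong):.0f} bits)")
    print("Summer2023 -> Summer20232 is a real change?", is_real_change(old, lazy))
    for pw in (old, strong):
        print(f"{pw!r}: online {time_to_guess(pw, 10):.3g} s, "
              f"offline {time_to_guess(pw, 1e10):.3g} s")
```

Run it with python3; nothing leaves your machine. The generated password is long because length, not cleverness, is what drives the guess count up, and the “real change” check is deliberately strict: if the old password is already in the scammer’s hands, every one-step variation of it is among the first guesses they try.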

Once you have a suitable password, change it in your email settings. This is done on the provider’s web page, whether that is iiNet, Optus, Telstra and so on. If you have your own domain (that is, your own personal email address), your host will have given you something like cPanel where you can change the passwords for all your accounts. If the provider offers two-factor authentication (a code sent to your phone when you log in), turn it on: a guessed password on its own is then not enough to get in.

One more step: always call and confirm the banking details on an invoice before paying, and use a phone number you already have for the business, not one printed on the invoice or in the email. In Mary’s case the scammer controlled both, so a number taken from the PDF would simply have rung the scammer.

Permanent link to this article: https://www.macservicesact.com.au/dangerous-scam-active-right-now/

3 comments

    Rae Lister on October 5, 2023 at 9:08 PM

    Thank you for this information—it is chilling.
    I received two emails over a couple of weeks from a ‘business group’ saying it was based in Canberra, railing against fair pay for the same work and giving an address. I wanted to unsubscribe immediately but first checked the group online and found a different director etc., and the fact that it was almost asking me to unsubscribe gave me concern, so I just deleted it.
    I’m really grateful for your valuable info.

    On another article re providers dropping email service, I chose to maintain my address and go with the Messaging Company. It has been a rocky road as Internode screwed the transfer up and I was many days without email, then only business emails, but now after 3 weeks I seem to be getting personal emails again too. Of course the Internode spam kept coming through, as I gather it, like business, is coming from large servers!

    Jennifer on January 15, 2024 at 8:40 AM

    Thanks for posting this. It really is alarming that it is this simple to be financially scammed. Tell ‘everyone’; it is so wrong that they get away with this. I believe you call it ‘man in the middle’; low life in the middle works for me, having suffered just this same experience. The assistance for recovery is a whole other story, not much help out there to assist.

    Jennifer on January 15, 2024 at 8:44 AM

    Thanks for posting this. It really is alarming that it is this simple to be financially scammed. Tell ‘everyone’; it is so wrong that they get away with this. I believe it is called ‘man in the middle’; low life in the middle works for me, having suffered just this same experience. The assistance for recovery is a whole other story, not much help out there to assist in this at all. It’s very real, people, please be careful.
