Phishing emails can appear genuine but may contain dangerous email links or URLs. We recently had a case where the personal account of one of our clients got hacked… which in turn caused one of their clients to be hacked too.
We think there’s an important lesson to learn here about what you can do to avoid this happening to you.
The case
Once our client (let’s call him Client A) was hacked, his passwords were stolen, thereby giving the hacker full access to his contacts.
Following this an email was then sent, appearing from “Client A” to his contact list. This email contained a link requesting a one-time password.
A contact (who we will call Contact B) received this email and, trusting the sender, clicked on the link and entered his information.
That’s all it took. The hacker immediately gained access to Contact B’s personal accounts including Gmail, Facebook, and Instagram. Passwords were immediately changed, and access blocked.
Resolution
Client A contacted us straight away. With some hard work and luck, our engineers managed to trace down the hacker, report all activities, and gain access back to most of Contact B’s accounts.
So, how can you avoid getting hacked in the first place?
There are several ways you can go about this.
- Make sure your passwords are updated and secure – LastPass is a great place to store passwords and generate new ones.
- Use a free phishing service to test how vulnerable your account is.
- See if an email link or URL is genuine by hovering over them to see the true link address.
And finally
Unless you have requested it or are certain it’s genuine, always be weary of email links or URLs or attachments. Even if they are from a trusted source.
What to do you have been hacked
Contact us straight away and avoid any direct communication with the hacker. This will prevent them from getting any further access to your accounts or devices.
