I received a very good-looking email from FedEx (or so I thought) with a tracking number and links to see the progress of my package. We have a FedEx account, and we just shipped some packages, so I thought it was an update on their status. I was kind of surprised because Friday afternoon, these boxes were at our office waiting to be picked up, and the email said they were being delivered Monday – not really possible.
I mentioned this to the techs and they asked me what email address it was ‘From.’ Sure enough, it ended with …@afedex.com – there’s an extra character in front of the name, did you notice the extra ‘a’? Similar, but it’s a FAKE.
Unfortunately, one of our clients was tricked and clicked through the links. We were able to help them out because they have the right backup units and other safeguards. It was frustrating and created a work interruption, but they’ll be OK. These are savvy ladies, but the email looked very convincing, and I have to agree.
A couple of things:
– Make sure you have a backup solution that allows you to recover an image from a specific period of time, both locally and in the cloud
– Be sure you have current and up-to-date anti-virus on all your machines
– Continue educating your staff to be cautious – this is social engineering and they are trying to trick you!
– Look at vendor emails with a critical eye; is that domain name spelled correction, or does it have extra, or missing characters? Do you usually receive requests from this vendor?
It’s always better to delete and call your vendor than to click on it. If it’s legit, oh well, you got to talk to a nice person today. If it’s not legit, you just saved yourself quite a few headaches, not to mention some money!
Need help? Give us a call… – CMW