A lesson to us all, and a reminder to those who may need it: no one is safe from cyber crime. We must all be alert to the risks at all times, as Cosmic Joint CEO Julie Hawker recently found out. Here are Julie’s thoughts following the incident on the 22nd of May:
Here is my account from a difficult day, May 22nd 2019 which turned out to be a different and very frustrating one. At around 10.30am, people started to alert me to the suspicious emails coming from my email address and inviting them to open an “URGENT Update”. I immediately contacted my colleague Rob who suspended my email account right away, and then carried out a swift and effective investigation to the source of the spam and at the same time I started changing passwords. Lots of them.
The background evidence (not in any way an excuse for my error of judgement!) to the issue showed that on Monday of this week, I had received an email from a trusted contact and with a similar subject line. This contact is currently working with me on a high priority and urgent matter and so it looked highly credible. I do recall at the time of clicking the link thinking there must have been issues as I got no response. But it was a very busy day!
And what the evidence trail has also shown is that the virus then lay dormant in my email server for two days before activating the attack. Thanks to the swift and effective actions taken by Rob, we managed to contain things, but even in those precious few minutes emails went from to to dozens of my contacts. And of course, several of those people will have considered me a trusted source and clicked on the link too.
Now just to stress, the attack is not a malicious virus, but a spam attack which is using emails as a means of cascading emails from one contact and on and on. There is no apparent danger of loss of data. But we all should ensure we are more vigilant over the weeks ahead to ensure that’s the case and be extra-wary of any further suspicious communications. I know I will be!
Clearly I need to prioritise my cyber security training refresher. This is something I will be doing much more regularly with the support of my brilliant colleagues Kate, Rob and Paul. I do have the feeling that I’ve let them down badly and I hope that by being open about this issue it will encourage others to review their email systems, change passwords and ensure staff are appropriately trained.
On the positive side, I’ve had some lovely messages back from contacts I’ve notified; many I am sure are having a chuckle at my expense. [Really? CEO of an IT business spreads email spam virus?]
Others have been incredibly supportive and here’s a line from one of those:
And to finish – a reminder about best practice for email security:
Sadly, as you well know, none of us are immune Julie – they target us all 🙁