Farming Smarter is thinking about internet security a lot after falling victim to two phishing schemes within a month. On Nov. 13 and Nov. 26, our contacts were sent false invoices that, when clicked on, harvest your passwords and give the scammers access to your accounts.
Maran Magnell, an employee at Dok-Tor Harddrive, says that when these types of scams come out, millions of people can be affected.
Magnell says that the scammers set up a variety of rules on the affected users' accounts so that emails are blocked and sent straight to junk mail. They can do this by creating rules that match key words or by blacklisting specific senders.
The scam also turns forwarding on, so they receive every incoming email your account receives.
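The mailbox changes described above (rules that send mail to junk by key word or sender, and forwarding turned on) are things an administrator can look for after an account has been phished. The Python code below is an added example, not part of the original article or Dok-Tor Harddrive's tooling; the rule export format, its field names, the domain and the sample rules are all constructed for illustration.

```python
# Added example. The dict layout is a hypothetical export of a mailbox's
# inbox rules, not any mail provider's real API. Sample data is constructed.
HIDING_FOLDERS = {"junk email", "junk", "deleted items", "rss feeds"}

def is_external(address, org_domain):
    """True when the address is outside the organization's own domain."""
    return not address.lower().endswith("@" + org_domain.lower())

def audit_rule(rule, org_domain):
    """Return the reasons a single inbox rule looks like attacker tampering."""
    reasons = []
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    folder = (actions.get("move_to_folder") or "").lower()
    # Rules that delete mail or bury it in a folder nobody reads.
    if actions.get("delete") or folder in HIDING_FOLDERS:
        what = "deletes" if actions.get("delete") else f"moves to '{folder}'"
        match = (conditions.get("subject_contains")
                 or conditions.get("from") or "all mail")
        reasons.append(f"{what} mail matching {match}")
    # Rules that copy or redirect mail to an outside address.
    for key in ("forward_to", "redirect_to"):
        for addr in actions.get(key, []):
            if is_external(addr, org_domain):
                reasons.append(f"{key} external address {addr}")
    return reasons

def audit_mailbox(rules, org_domain):
    """Map rule name -> reasons, for every rule with at least one finding."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule, org_domain)
        if reasons:
            findings[rule["name"]] = reasons
    return findings

SAMPLE_RULES = [  # constructed sample, not real data
    {"name": "Newsletters", "conditions": {"from": ["news@example.org"]},
     "actions": {"move_to_folder": "Reading"}},
    {"name": ".", "conditions": {"subject_contains": ["invoice", "hacked"]},
     "actions": {"move_to_folder": "Junk Email"}},
    {"name": "..", "conditions": {},
     "actions": {"forward_to": ["collector@example.net"]}},
    {"name": "Assistant copy", "conditions": {},
     "actions": {"forward_to": ["assistant@example.com"]}},
]

if __name__ == "__main__":
    for name, why in audit_mailbox(SAMPLE_RULES, "example.com").items():
        print(f"rule {name!r}: " + "; ".join(why))
```

Any rule it reports should be reviewed with the account owner and removed if they did not create it, in addition to the password change described below.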
How do I avoid getting scammed?
Magnell says that if you don't click on the link and automatically delete the email, the scam shouldn't affect you. She notes that the automatic reply function appears to be enough to open your account to them and allow them to receive whatever they need.
"If they clicked on the link, chances are they [scammers] already got to it. They need to immediately change their passwords for their email addresses."
What you do from there depends on what type of email account you have. Magnell says, for example, that if you have an Office 365 account, you should contact your Office 365 Administrator. If you have a Gmail account, then you should contact Gmail and let them know what's happening.
"All emails have ways to report that you have experienced phishing emails or scams - but first things first: change your password and immediately send out an email that says 'if you receive something with this subject line, immediately delete it. It's not from me.'"
How do I know if the invoice I receive is real?
Here are a few questions you should ask yourself to avoid falling victim to a phishing scam sent from one of our accounts (though we're striving for this to never happen again).
Does my organization or company have prior knowledge that an invoice will be sent to them from Farming Smarter?
We always contact companies we are working with before sending the invoice out! It should not come as a surprise. If you don't remember working with us recently, then it's likely that this email did not come from one of our staff.
Did the invoice come from Shelly?
This is a tricky one because one of the phishing schemes did infect Shelly's account! There are minor details, however, that can tell you if the email is legitimate or not, such as the signature. These scams had both Jamie's and Shelly's email signatures incorrect (which is great because our wonderful contacts caught on to the fact that something was wrong and called us right away!).
Finally, is the invoice a PDF?
We will never send a company an invoice through Dropbox or Sharepoint. It will always be a PDF!
If the answer to all these questions is 'yes', then you should be in the clear!
What is Farming Smarter doing to prevent this from happening again?
Dok-Tor Harddrive has implemented a two-factor authentication system that requires a 6-digit number every time someone logs into our accounts. (That number is sent directly to our phones.) They have also placed a different phishing filter on our accounts to weed out the bad emails and have turned off the ability to forward an entire account contact list to another email account.
As an organization, Farming Smarter thanks you for your patience and hopes that in increasing our internet security, nothing like this will ever happen again! Be safe in cyber space, folks!