This Friday (4/26/19) we investigated a phishing campaign for one of our insurance clients, and we quickly learned that it spanned at least two other CNY-area insurance companies. For that reason, Jim and I thought it was appropriate to blast out an ad-hoc "alert" to all of our insurance contacts.
Details
Here's what we know so far:
It appears that the email accounts of some of our local insurance colleagues have been compromised
The bad actors are then spamming everyone in the user's address book (mostly insurance colleagues)
The email is a file share request from Microsoft's OneDrive
The incredible thing is that, in at least one case, the file being shared is named "3rd Party Service Provider"
The text of the email is short and sweet, something like "please open the document"
The sender has "BCC'd" you; in other words, the "From" and "To" are both the same
In this case, "Think, Don't Click"
Here is a sample:
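The traits listed above (same "From" and "To", a OneDrive share link, a very short body) can be checked automatically when triaging reported mail. The Python below is an added example, not part of the original alert; the host list, the 15-word threshold, and both sample messages are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import getaddresses
from urllib.parse import urlparse

# Assumption: hosts commonly used by OneDrive share links; extend for your environment.
ONEDRIVE_HOSTS = ("1drv.ms", "onedrive.live.com", "sharepoint.com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
MAX_BODY_WORDS = 15  # assumption: what counts as a "short and sweet" body

def addresses(msg, header):
    """Lower-cased address set from one header (empty set if absent)."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def is_onedrive_host(url):
    """Match the host exactly or as a subdomain; lookalike hosts do not count."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in ONEDRIVE_HOSTS)

def triage(raw_message):
    """Return which of the campaign's traits one RFC 5322 message shows."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    sender = addresses(msg, "From")
    if sender and sender == addresses(msg, "To"):
        hits.append("from-equals-to")  # real recipients were BCC'd
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    if any(is_onedrive_host(u) for u in URL_RE.findall(body)):
        hits.append("onedrive-share-link")
    if len(URL_RE.sub("", body).split()) <= MAX_BODY_WORDS:
        hits.append("short-body")
    return hits

# Constructed sample messages (not real mail from the campaign).
PHISH = (
    "From: Pat Agent <pat@agency.example>\nTo: pat@agency.example\n"
    "Subject: Pat Agent shared '3rd Party Service Provider' with you\n\n"
    "Please open the document\nhttps://1drv.ms/b/s!EXAMPLE\n"
)
BENIGN = (
    "From: alice@carrier.example\nTo: bob@agency.example\nSubject: Renewal\n\n"
    "Hi Bob, attached are the renewal figures we discussed on Tuesday. Let me "
    "know if the deductible numbers look right to you before Friday.\n"
)

if __name__ == "__main__":
    for name, raw in (("PHISH", PHISH), ("BENIGN", BENIGN)):
        print(name, triage(raw))
```

No single trait is conclusive on its own; a message that shows all three deserves a closer look before anyone opens the link.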
What if I clicked?
If you clicked on the OneDrive link, you're probably OK. Clicking on the OneDrive link takes you to a PDF in OneDrive that is the phish.
However, if you clicked on the link inside that OneDrive document, you might be in trouble!
If you clicked on the link in OneDrive:
Change your email password immediately
If it's been more than, say, 30 minutes, you might've been compromised and will need to have your account checked for signs of intrusion.
Either call us immediately, call your IT support staff, or check the following:
Check your Sent Items for emails you didn't send
Check your Deleted Items for emails you didn't send
In Outlook, click "Recover" at the top of your Deleted Items and check to see if there are emails you didn't send
If there are no emails in your "Recover Deleted Items Folder" you've probably got a problem
In Outlook, click "File", then "Manage Rules & Alerts", and check for rules you didn't create
In Outlook, click "File", then click the link next to Account Settings that says "Access this account on the web"
Once there, make sure the "The new Outlook" slider in the upper-right corner is on
Then click the settings "gear"
Click "View all Outlook Settings" at the bottom
Click "Forwarding"
Ensure your email isn't being forwarded
Stay safe and have a good weekend. If you have questions please contact us, we're here to help!