Online Threats: Lucerne County Businessman Describes Battle Against Email Hacking As ‘Nervous’
Local businessman Walter Mitchell felt helpless last week when he began receiving inquiries from acquaintances about an email purported to be from him, even though he didn’t. never sent.
“It’s a scary experience,” said Mitchell, owner / operator of Mitchell Financial Group, an insurance, financial and estate planning company.
“I have been in business for 40 years and have never seen anything like it.”
Impostor emails from familiar contacts, friends and family became commonplace, but this one was different.
With a subject line, “action required: file,” the email stated that Mitchell had used OneDrive for Business – Microsoft’s online file storage service – to share a file with the recipient. It contained a link to view the document, indicating that it would only be available for 48 hours.
If the email had ended there, it would have been more obvious that it was a scam to trick recipients into clicking on a link that could expose their technology to a virus or other malware. .
But he continued:
“Let me know if you have any questions. Thank you.” It contained Mitchell’s business name, title and address, followed by business phone, fax and cell numbers that looked a lot like the real ones.
Mitchell said he doesn’t use OneDrive.
“I had never heard of OneDrive before,” said Mitchell, a well-known local resident who is also the mayor of Bear Creek Village. “I have no affiliation with the company listed in the email.”
He later learned that some had responded to the email to ask for more information or to let him know that they believed it had been hacked. Even though it looked like the responses were going to his correct email address, they went to the scammer. Someone pretending to be Mitchell sent a reply letting him know the email was legitimate and he could click on the link.
“It’s very annoying for me because it’s my reputation that’s on the line,” Mitchell said last week as he was still trying to figure out how it had gone.
Mitchell pointed out that his company has firewalls and “layers of security” to protect customer information.
He wanted people he knew to realize that he would never send an email with information that was not preceded by a personal, individualized greeting explaining the reason.
Aware of the pervasive possibility of scams, Mitchell said he personally avoids clicking on links allegedly from people he knows if they are preceded by comments such as “Check this” or “You won’t believe it.” . Communications sent on his behalf last week were smarter, he said.
Looking for legitimate
Luzerne County Detective Charles Balogh, who specializes in computer crimes, said the email is an example of the increasingly devious way hackers, crooks and perverts try to hurt people from all ages through a window that can be opened whenever a computer, tablet, cell phone or even a smart TV or game system is turned on.
Authors often use the logos of real banks and businesses to give the impression that the communication is coming from them to obtain personal information, sometimes including warnings and exclamation marks as alerts to try to deceive recipients into them. making it seem like an emergency.
“When people see this, they panic,” Balogh said, adding that the same techniques apply to scams over the phone.
Balogh pleads with the public to refrain from revealing personal information or clicking on links unless it is certain that communications have been validly sent.
The easiest verification technique, Balogh said, is to call the person or company to verify. As evidenced by Mitchell’s case, he stressed that recipients should look up the correct phone number and not just call the one in the email, which is usually incorrect or related to scammers.
Often, senders will try to trick recipients to click on the link so that they can place software on their computers and devices to access personal information, such as credit card and bank account passwords, Balogh said.
Anyone who accidentally clicks on the wrong link should immediately shut down and unplug their computer or device and consult a reputable professional, he said. Antivirus programs can block some harmful threats, but Balogh also warned people to be careful about purchasing such programs as some online services appear to be legitimate but are also scams.
Saved by technology
A child and youth worker from Luzerne County recently verified with a reporter that an email sent from her county account sharing a link to a document was not sent by her and was from a hack.
Although some corrupted emails were sent, county information technology director Mauro DiMauro said the infiltration was quickly detected and stopped by a new 26,000 advanced threat protection program. $ per year added in Microsoft Corp. contract renewal. of this year.
DiMauro had informed county council that coverage was needed due to more attacks attempting to access confidential data or disrupt operations.
“The cybersecurity community has reported a steady increase in the level of sophistication employed by cybercriminals,” said DiMauro. “Over the past year or so, attacks have become more targeted and include more familiar details to trick victims into believing that an email or web pop-up is legitimate.”
The county has started flagging all inbound emails from senders outside the county with a notice reminding staff not to open attachments or click on links unless they are sure it is. sure, said DiMauro. One county in Luzerne has a cybersecurity training program for all staff to help them better identify fraudulent emails and other suspicious IT activity, with refresher courses planned.
The practice of crooks masquerading as a co-worker to obtain company secrets or money is a real threat, Balogh said.
He gave an example where an employee of a local business was forced to wire money after receiving an email from someone posing as the boss. The email stated that the boss had lost or broken his cell phone.
“I found it very strange that this company would believe without calling to verify, but in their day-to-day life they don’t really communicate except through email. That’s why they thought it was so real because most of their interactions were through email, ”he said.
Balogh advised companies to discuss protocols for releasing money or data.
Businesses and families can also come up with a code word that is not stored in any device so that it can be requested to verify the authenticity of requests, he said.
Some illegitimate emails even appear to come from an employee’s own company requesting connection changes due to an alleged security breach, he said.
“People click on the link and fill in their usernames and passwords, which could allow someone to access their company’s servers,” Balogh said.
Businessmen Walter Mitchell were horrified last week when a con artist emailed locals claiming it was from him.
Luzerne County Detective Charles Balogh said residents of all ages, including a 6-year-old, have been targeted by scammers, hackers and online perverts.
Luzerne County Detective Charles Balogh examines blocked emails from crooks and hackers in his office at Wilkes-Barre County Courthouse.