Late Tuesday evening a local Wagga business had the email account credentials of one of its employees stolen, and an automated system sent out emails to people on that user’s contact list.
The systems have been thoroughly checked and no sensitive data was put at risk. The employee’s password has also been changed to prevent future attacks and no other part of the system has been affected.
This event re-emphasises just how easy it is to get tricked into giving up your credentials.
Even with some of the world-leading spam prevention from Google Apps, emails can sometimes slip through into your Inbox, especially in an attack like this where the malicious email is coming from a legitimate user.
If you ever receive an attachment that is asking for credentials, whether it be a Google login, bank login or government login, always delete the email and ring the company involved. Never sign in to any of these accounts via an email link either. The sign-in page can look very convincing!
Simple Pixels encourages all its clients to never use the same password across different accounts (keep banking, PayPal and email passwords all completely different).
2-step authentication is also encouraged, as even in the event of credential theft an SMS to the user’s mobile is required for access to an account.
Google has a good support document that outlines different things to check in the event of credential theft.