Alert: Email data mining scam and how to handle it

posted Jun 25, 2015, 11:47 AM by Brian Suda   [ updated Jun 25, 2015, 11:47 AM ]
You may have received an email from one of our staff asking you to click a link to a shared OneDrive folder.  This is not a valid message and the link may be to a data mining site.  We would like to share what we know, what we are doing about it, some methods of prevention, and steps to take if you believe you have been compromised.

Quick take-away:
  • This is not a virus and our system was not compromised.
  • It has affected two individual email accounts.
  • We now have safeguards to prevent further issues.
  • As prevention, never click email links unless you were specifically expecting them.
  • If you were compromised, change your password immediately and let us know.

What we know:
This is not a virus.  There is no attachment.  It is a simple email with a link.  Opening the message does not harm your account or computer.  Clicking the link takes you to a very convincing login page.  Most people claim it looks exactly like the official Google page.  It is not.  It is a well-crafted data-mining site (aka phishing scam).  Its operators are attempting to coax users into logging in with their email credentials (account and password).  Once a user does so, their system has full access to that account.  It seems to make several changes to the settings and then emails itself to the user’s entire contact list.

It is important to note that our system was not compromised or "hacked."  This only affected the email accounts of those who clicked the link and entered their credentials.  To date, we only have two confirmed cases.


What we are doing about it:
This was a completely unknown threat and it appears we may have been among the first victims.  As such, safeguards did not previously exist.  Google (our email system) now recognizes this type of message as a threat.  If it detects similar activity from one of our accounts, it will suspend that account and deny the user access until we review and manually reactivate it.


Prevention:
As with any email message, never click on a link you were not specifically expecting – even if it appears to be from someone you know.  If it seems strange in any way, contact the sender to verify.  Another trick to detect a bad link is to hover your mouse pointer over the link (without clicking on it).  At the bottom-left of your email window, you will see the website address listed.  In one of these recent messages, the website listed was bluegreenarchitecture… – not at all affiliated with us.


If you believe you have been compromised:
If you clicked the link or otherwise believe your account may be compromised, the first thing to do is change your password immediately (see your email provider for instructions).  This scam may not access your account right away, so you might have time.  Also, please contact the parish office if you received the suspect message from us so we can continue to track the extent: 253-564-5185 ext. 0.