New email scam – or why freebie emails just aren’t good enough for business!
My best mate is a band manager – she works from Gmail, as she’s often touring or grabbing a few minutes of online time from wherever she can. However, at the moment she’s staying with us, so I was a little surprised to get this email from her:
Subject: Help
Hi
I really need your help – I’m at a conference in Barcelona and my bag has been stolen. All my passport, money, everything. Can you help me please?
Sharon
Now, unless they have reinstated Concorde, she definitely wasn’t in Barcelona.
When you reply to the email, it very cleverly redirects the response to a similar-looking email address at Yahoo, which the scammer had set up to receive responses from Sharon’s concerned friends. He then replied as Sharon, asking them to send him money to a Western Union account. Not only that, but in order to stop Sharon from telling her friends she had been hacked, he deleted her entire Gmail address book.
She changed the password, cancelled the email forwarding within Gmail, and prayed fervently that Gmail would be able to retrieve her address book (which they did, but only because she has a paid-for account; freebies wouldn’t get their data back, and it took 3 days).
Anyway I thought it was a very clever one-off scam, except it happened to a VA I know too this week. Exactly the same scam, exactly the same set up of a forwarding address from a freebie email.
It galvanises my belief that freebie emails are not for business use. Gmail, Yahoo etc. are targeted for these kinds of scams because the system is the same for every email address, making it easy for the scammers to set up.
Additionally, consider what happens when a client sends sensitive info to a Gmail account and mis-spells your name – that information could end up anywhere worldwide. If they do it with a domain-specific email, at worst it goes into a catch-all email account which only you have access to.
If you’re using one, please take a moment to:
- Back up your contacts offline
- Check there are no redirects on your incoming mail
- Look into setting up a domain specific email address
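The reply redirection described above can be spotted in a message before anyone answers it. The following is an added example, not part of the original post: it compares the From and Reply-To headers and flags a reply address that resembles the sender's but is not the same. The sample message, the `.example` addresses and the function names are constructed for illustration.

```python
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: same name, different mail provider in Reply-To.
SAMPLE = """\
From: Sharon <sharon.manager@freemail-a.example>
Reply-To: Sharon <sharon.manager@freemail-b.example>
To: friend@client.example
Subject: Help

I really need your help
"""

def split_addr(header_value):
    """Return (local_part, domain) in lower case, or None if absent/unparsable."""
    _, addr = parseaddr(header_value or "")
    if "@" not in addr:
        return None
    local, _, domain = addr.rpartition("@")
    return local.lower(), domain.lower()

def check_reply_to(raw_message, threshold=0.8):
    """Classify Reply-To relative to From.

    Returns "no-reply-to", "same", "lookalike" or "different".
    "lookalike" means replies go to another mailbox whose name closely
    resembles the sender's, which is the pattern described in the post.
    """
    msg = message_from_string(raw_message)
    reply = split_addr(msg.get("Reply-To"))
    if reply is None:
        return "no-reply-to"
    sender = split_addr(msg.get("From"))
    if sender is None:
        return "different"
    if reply == sender:
        return "same"
    # Compare only the part before the @: same or near-identical name at
    # another provider, or a slightly altered name at the same provider.
    similarity = SequenceMatcher(None, sender[0], reply[0]).ratio()
    return "lookalike" if similarity >= threshold else "different"

if __name__ == "__main__":
    print(check_reply_to(SAMPLE))
```

A "different" result is common for newsletters and help desks; "lookalike" is the one worth checking with the sender through another channel.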
Wow! Scary stuff. When you are talking about Gmail, are you also considering things like Google Apps in this? You say that your friend had a ‘paid for’ account, so it wasn’t a freebie email? We use Google Apps for Business, as do a large number of my clients. I pay good money each month to use them and to all intents and purposes, the majority of the user interfaces look the same as my free Gmail email account. Does that mean paid for accounts are equally at risk? Might have to make a phone call and find out!
She has the paid-for storage plan on her email account. As she’s a customer, Google were able to “roll back” the account and retrieve the contacts and emails, but they wouldn’t have done that for a freebie account.
Google Apps I’m not sure about, but basically any big system is a target for hackers and shouldn’t be relied upon without offline backups.
Same for WordPress – Sally was telling me about some poor client of hers who lost her whole website a few weeks back when her website hosts went bust, simply because she hadn’t been backing up.