Listen to this story
By Greg Gerber
Editor, RV Daily Report
For the fourth time in as many weeks, a hacker has been able to gain access to a company’s email system and control the system live by pretending to be the firm’s marketing director.
RV Daily Report received another message today from the marketing director of a well-known RV supplier company.
The subject line is similar to “Follow Up – Acknowledge 2019 Marketing Development Proposal Article” and the message reads:
Please see below revised Marketing proposal for your review. Kindly CLICK TWICE to review and let me know if you have any questions.
Let me know your thoughts.
The message is signed by the marketing director with an exact copy of the person’s typical email signature, including company logos. The body of the message also includes a link to some type of file.
The Sharepoint link always looks legitimate because it includes the company’s name as well as the name of the person sending the message.
However, people who click on the link risk infecting their computer systems with either a virus or malware.
As in the past, RV Daily Report responded to the message asking if it was legitimate, only to receive a reply a few minutes later. The reply has been similar in every instance. It simply reads:
Yes I sent it here attached, please go ahead and review.
The reply never includes a signature.
However, the fact that a response is sent quickly indicates that the company’s email system has been hijacked and is being controlled live from a remote location.
The problem first surfaced April 23 when the email account for the publisher of a major RV industry news magazine was hacked. It appears that the hacker was able to copy that person’s contact list, which would include email addresses for every marketing professional in the RV industry.
Since then, three more messages have been sent to RV Daily Report, all from marketing directors.
RV Daily Report advises people who receive messages like the one above to follow these steps:
- Do not click on any links contained in the message or download any attachments.
- Do not respond to the message directly.
- Look up online the main telephone number for the company that sent the message.
- Call the company directly and report the problem either to the marketing director or to the company’s information technology team.
- If possible, do not leave a message, but stress that the IT department needs to be told about the problem immediately.
These types of links and files have been known to install malware or even ransomware that will literally lock up and encrypt a company’s entire computer system until a ransom is paid.
At the very least, after installing malware, the intruder has access to important files, customer lists and other sensitive information.