Business Hacked in Chilliwack / Microsoft Account / Case Study #1
Business Hacked in Chilliwack
Last month, we saw another business hacked in the Fraser Valley. Hackers used compromised company email accounts to send phishing emails until Microsoft locked down all email for the entire company. We had to un-hack their Microsoft account, work with Microsoft to unlock it, and clear the company’s name from lists of known spammers. Once hacked like this, it is difficult and time consuming to prove to Microsoft that your account is no longer a source of phishing.
Why was this business hacked?
What did the hackers gain?
Business hackers target small local businesses because they have community trust and credibility, have multiple email users to attack, and many contacts. They may keep credit cards, banking, and other password information in their emails, making them a gold mine. They have to keep targeting new businesses, because once they send too many spam emails, the email host will shut down the hacked account. For you, this becomes very difficult (and expensive) to undo. For them, it just means that it’s time to hack a new ill-protected business. Under the safety of new accounts, they send emails again and gain access to new information, credit cards, and clients, without fear. And you’re left with the costs and mess to clean up.
How was this business hacked?
How can we learn from this event?
Most importantly, make sure all your users have complicated passwords and multi factor authentication (MFA) (this article explains MFA and its importance).Without MFA, a hacker can keep trying passwords over and over without the owner of the account being notified. Without risk, hackers guess until they succeed. In our example, the hacked business’s passwords were a basic, hackable [word][numbers] pattern. They had more than one user with admin access to their Microsoft account, which increases the odds of hacking. Businesses are in danger when they do not monitor users with admin access regularly.
It is always best to work with IT professionals who can help you secure your systems. But there are things you can do right now to make yourself more secure:
- monitor your admin users (never have more than two)
- ensure ALL users have complicated passwords
- ensure ALL users have MFA on their accounts
- get rid of old user accounts right away
- never send credit card, banking, personal information or passwords by email
We highly recommend giving us a call to learn about how else you should be protecting your business, depending on your specific business’s needs. Our initial consultations are always free. Seeing local businesses have to dish out thousands upon thousands of dollars each year because of preventable business hacks devastates us, as we want to see our local economy alive and thriving. Not only the hacked companies suffer, but the victims of the phishing attempts do too (your clients). One hack can take out an entire business, so protecting yourself now before the hackers come is crucial. Investing a little now protects you from crisis later. These phishing schemes are much more common than most people expect.
As always, contact us for a free consultation.