Phishing Scams and What We Did To Recover

Vinit Patil · Published in SKUE RIGHT · Sep 9, 2016 · 4 min read

After years of successfully dodging email scams, we bit. Things ultimately got resolved, and with some good side consequences. Here’s what happened, and oh, please delete my email if you got one from me.

Yesterday, we received an email with the subject “Contract Letter”. As a wholesale platform, it isn’t unusual for us to receive exclusivity contracts from larger stores. This email came from a huge museum store, and I knew the buyer. Also, September is peak buying season, which means stores are trying to get their orders in.

The conditions felt right for opening a phishing email:

  • It passed Google’s spam filters.
  • It came from a trusted source, a buyer we had recently exchanged information and emails with.
  • The subject line was sophisticated and included the actual name of the sender’s company: “{{Name of Company}} Inc Contract Letter”. The last Google Docs scam gave itself away with the subject line “Important Google Doc”.
  • It was designed like a file-sharing service email: “{{Buyer name}} wants to share a doc with you”.
  • I was in the mindset that receiving a contract from the buyer in that context would be normal.
  • It was formatted with the Ring Central file-sharing design. One of the guys at our co-working space had just popped in and said they closed a deal with Ring Central. No relation, but it lent a sense of trust by association.

Okay, all sounds legit. Click on the link. Enter Google Docs login. Click.

Wait. It’s asking me to download Google Drive? Okay, something doesn’t look right. Oh shit! Escape. Escape. Escape. Too late. Malware has taken control of the account. The redirect was to Bob’s Auto Shop in Texas. Checked the source code. Okay, I’ve been had.

What the Malware Did:

  • Took hold of my contacts list and sent emails to all contacts with the subject “Skue Inc…Contract letter” and a Google Docs link.
  • Changed my filters to “Delete all incoming emails”.
  • Delayed notice of any wrongdoing by redirecting all my incoming email to the trash.
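The filter sabotage in the last two bullets is something you can check for yourself after a compromise, rather than waiting to notice that mail has stopped arriving. The script below is an added example, not code from the original post. It assumes the XML that Gmail produces when you export your filters (Settings, Filters and Blocked Addresses, Export): an Atom feed whose entries carry apps:property elements naming each criterion and action. It flags any rule that trashes or archives every incoming message, and, going one step beyond what the post describes, any rule that forwards mail off the account. The feed embedded in the script is constructed for illustration.

```python
"""Audit an exported Gmail filter list for rules that silently trash,
archive or forward incoming mail.

Added example, not from the original post. It assumes Gmail's Atom-style
filter export (entries with <apps:property name=... value=...> elements);
the sample feed below is constructed for illustration.
"""
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
APPS = "{http://schemas.google.com/apps/2006}"

# Properties that narrow which messages a filter touches. A destructive
# filter with none of these (or only blank/wildcard ones) hits every message.
CRITERIA = {"from", "to", "subject", "hasTheWord", "doesNotHaveTheWord",
            "hasAttachment", "size"}
# Heuristic: values that do not really narrow anything.
CATCH_ALL_VALUES = {"", "*", "@"}
# Actions that hide mail from the owner or leak it elsewhere.
DESTRUCTIVE = {"shouldTrash", "shouldArchive", "shouldMarkAsRead", "forwardTo"}

# Constructed sample: one benign newsletter rule and one attacker-style
# "trash everything" rule of the kind described in the post.
SAMPLE_FEED = """<feed xmlns="http://www.w3.org/2005/Atom"
      xmlns:apps="http://schemas.google.com/apps/2006">
  <entry>
    <title>Mail Filter</title>
    <apps:property name="from" value="newsletter@example.com"/>
    <apps:property name="shouldArchive" value="true"/>
    <apps:property name="label" value="Newsletters"/>
  </entry>
  <entry>
    <title>Mail Filter</title>
    <apps:property name="hasTheWord" value=""/>
    <apps:property name="shouldTrash" value="true"/>
    <apps:property name="shouldMarkAsRead" value="true"/>
  </entry>
</feed>
"""


def parse_filters(xml_text):
    """Return one {property_name: value} dict per filter entry in the feed."""
    root = ET.fromstring(xml_text)
    filters = []
    for entry in root.iter(ATOM + "entry"):
        props = {}
        for prop in entry.iter(APPS + "property"):
            props[prop.get("name")] = prop.get("value", "")
        filters.append(props)
    return filters


def audit_filters(filters):
    """Flag filters that act destructively on an unbounded set of mail or
    forward mail off the account. Returns a list of (index, reason)."""
    findings = []
    for i, props in enumerate(filters):
        actions = {k for k, v in props.items()
                   if k in DESTRUCTIVE and v not in ("", "false")}
        criteria = {k for k, v in props.items()
                    if k in CRITERIA and v not in CATCH_ALL_VALUES}
        if not actions:
            continue
        if "forwardTo" in actions:
            findings.append((i, "forwards mail to " + props["forwardTo"]))
        if "shouldTrash" in actions and not criteria:
            findings.append((i, "trashes every incoming message"))
        elif "shouldArchive" in actions and not criteria:
            findings.append((i, "archives every incoming message"))
    return findings


if __name__ == "__main__":
    for idx, reason in audit_filters(parse_filters(SAMPLE_FEED)):
        print(f"filter #{idx}: {reason}")
```

Run it against your own export by replacing SAMPLE_FEED with the file contents; the rule to delete is the one reported as trashing every incoming message. Checking the forwarding addresses and app passwords in the same settings pages is the natural companion step, since those survive a password change.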

Damage Control

The first step was to take a deep breath. Then get to work:

  • Immediately checked if I could change my password. I could. Okay good.
  • Changed passwords on the top sites I could think of. On day 2 I’m still on it.
  • Sent myself an email on Gmail. Got alerted that emails were going to the trash.
  • Checked my trash folder and saw a flurry of emails come in from my contacts, including business contacts. Most of them said “Did you send this?” or “What is this?!?”
  • I started immediately replying to everyone who replied with a quick message: “Sorry, my email’s been hacked, do not click or download!”
  • The most affected would be people who would think I might send them a contract, i.e. business contacts! Personal contacts I could deal with later. I drafted a letter for business contacts. It went like this (use it if you are ever in my situation):

Subject: Caution: “Contract Letter” Email is not from me

Hi,

Several of my Gmail contacts alerted me that they received a link to download a “Contract Letter” from SKUE. It wasn’t sent by me; sorry if you received it. It’s a malware hack going around the web, and unfortunately I was on the wrong end.

If you received it, please do not download anything. Delete the email and be safe. Again, apologies for the trouble.

Best,

Vinit

  • Gmail won’t allow sending to all contacts at once, so I started sending in batches. Okay, good: it means the spam email may not have gone out to everyone either.

Then I started getting email replies from contacts:

“Ah noted! Same thing just happened from my husband’s email!”

“Thank you for notifying me. I did receive the email but have now deleted it. Thanks so much.”

“Did you mean to share access to this doc? While I certainly hope we are in a place to restart our conversation, this did arrive unexpectedly!”

And my favorite:

“No worries. I had a feeling. No more porn for you!”

Okay, some of the damage has been contained.

Next step is to go through my contact list and batch more emails out alerting everyone.

Whew!

This was one of those instances where social engineering beat technology. Even if I had had two-factor authentication (which I turned on again), I would still have authenticated in that situation, since it came from a trusted source. This is a new level of sophistication.

I sure hope you catch on before I did. If there’s any other security measure I haven’t taken yet, please add it.

Now, as a great side consequence, I also got some emails from old contacts:

From: Bill

“Wrong Bill? BTW here’s my latest woodworking project I told you about a while back. It’s almost finished!”

Niiiice!!

Vinit Patil: CEO @Ribbon Commerce, The Beautiful B2B. Previously @Box @akqa @gyro