
Educated Attorney: Your Hacked Email May Ask Your Clients For Money

January 22, 2013

I’ve explained many times why it is so important NOT to use a personal email address to conduct business. By personal email address we mean AOL, MSN, Hotmail, and Yahoo; there are more, but these are the ones most people know. We’ve written about it, put it in our audiobook, and even in our CLE courses. Today I have an example of why you should never use a personal email address for business. A few minutes ago I received an email from an old user who used to work with a client of ours. At some point she must have emailed us from her Yahoo account, because the email came from her Yahoo address and I was most definitely in her sent items and contact list, since we have emailed each other in the past. The email is below. I’ll let you check it out and then we’ll discuss…

 

This email was most definitely NOT from the user, yet it shows her email address. What we have here is a classic email and contact list hacking scam. This user must have gotten a piece of malware on her computer, or this was a straight-out email hack.

If it was malware, then while it was on her computer she must have logged into her Yahoo account; she might also have logged into her online banking portal. At that point the malware captured her login and password and sent them back to the malware's origin. With that information, the hacker changes the user’s email password and sends out emails to the user’s entire contact list, hoping someone will fall for it, reply, and send money.

The other way this could have happened is if her account was hacked directly. A hacker could have blown through Yahoo security and grabbed a bunch of email and password combinations. Once they find emails and passwords that work together, they log in, change the password, and send out emails to all contacts. Below are the email details. I blocked the contact for her protection, but you can see where the email came from and what provider dropped the ball.

At this point you should have a good idea why you need to use a corporate email account and not a personal one to contact firm clients and other entities. Exchange, Google, or a Microsoft solution really secures your client information and protects against any malware you may receive through email. This person could have gotten this malware through her email as well; it’s very possible. Yahoo's spam filters are nothing like the paid spam filter services, which block more and protect you better.

Having the right security on your PC and your firm email is very important. Imagine if this was a firm email address and this email went out to all clients. How embarrassing! An email like this has the potential to hurt your client relationships. It shows your client that you have invested nothing in your email security. It’s significant because this is not the norm in a corporate environment. It happens on a personal level with personal email, but never with corporate email.

I hope you finally get the idea of why your PC and email must be secured at all times, why you must have spam filtering, why you must use a corporate email solution, and why you must secure your PC against spyware, malware, and viruses. It’s for your clients' sake, and it’ll keep you in good standing over time.