A new email scam making its way around Whatcom County is tricking business owners into giving out password information.
Tech Help, a subsidiary of Bellingham’s Big Fresh Media, started hearing from clients dealing with a phishing scam about a week ago, and it has quickly spread to other Whatcom County businesses. The company is now seeing 10 of these a day, as well as getting calls from clients about how to deal with it, said Brook McClary, digital marketing strategist for Big Fresh.
Mike Sullivan, technical account manager at Tech Help, posted an alert about the scam on the company’s blog.
What makes this scam tempting is that it is well-tailored for its intended victim. A construction company will get an email from a known client that has an attachment that says something like “new contract” or “contract offer.” If someone clicks on the attachment, it will ask them to type in their username and password to see the document. If the person gives out their username and password, trouble ensues.
Once the scammers have the username and password, McClary said, they will change the victim’s email filter so future emails go directly into the trash folder. This allows the scammers to reset passwords to online bank accounts and other websites, and the victim won’t see the password reset emails that would alert them to the changes. The scammers also will have access to the victim’s contact list and will try to do the same thing to the victim’s clients.
McClary has several suggestions for dealing with phishing scams and for what people can do if they accidentally give out their password.
▪ If you receive an unexpected email attachment from someone you know, check to see if they actually sent it. A quick phone call can save the person a lot of time and embarrassment, McClary said.
▪ If you accidentally give out your password, go to another computer and change that password. Then go into the email settings and make sure the filter is correct.
▪ After the password is reset and the filter is checked, go back to the original computer and run an anti-malware program to remove malicious files.
▪ Alert the clients in your contact list so they don’t fall for it as well. If the email account is still compromised, alert people through social media like Facebook.