According to SiteLock, website attacks on small businesses rose by 59% in 2018, averaging 62 attacks per day. Now BigIdeasForSmallBusiness.com is a statistic. Let me tell you what happened so if the same or similar attack happens to you, you’ll be able to recognize and remedy it easily (hopefully) and quickly (assuredly).
What the hack looked like
An email was sent to some of my contacts asking that they read a file from me in Dropbox. It appears that the hacker created a bogus Dropbox account (using an alternate email of mine and then switching that email to one used by the hacker).
My savvy contacts recognized that it wasn’t from me (my name was misspelled in the subject line) and almost all did not try to open the file. Besides, no one receiving this email was expecting a particular file from me. How did I find out about the attack? I received a text message from one person alerting me to it.
In addition to the erroneous Dropbox-related email that was sent to some of my contacts, my incoming email (including junk email) was diverted by the hacker to an RSS feed that I couldn’t see on my computer (the emails were on my server but were not visible to me in Outlook). I don’t think this was part of the incident reported by Microsoft in mid-April to some Outlook accounts.
Recovery
Following the text message, my first response was to contact my IT person who could access my computer remotely. He immediately saw the bogus Dropbox file and deleted it (anyone trying to open the file after receiving the fake email was protected).
Recognizing that I had an email issue was another matter. I didn’t realize there was a problem until I went for about two hours without email (if it were real, it would have been a first). So I knew there was an email problem, but resolving it took a little longer than the Dropbox issue. The emails, none of which were lost, finally found their way into my inbox in Outlook. This was the first time I could see who received the fake email.
The next step was to reach out to contacts who’d received the fake email, explaining what happened and apologizing for any confusion or inconvenience. It was heartening to hear back from those who sympathized or empathized with my situation.
Lessons learned
The experience was not fun. It cost me an afternoon of lost productivity and a bill for my IT assistance. But I did learn a few things:
- No one is immune from being hacked. Despite all the protections and security measures I have in place, hackers are one step ahead.
- Take swift action. Once a problem is detected, make sure to address it immediately. To do this, it’s advisable for businesses that do not have in-house IT people to have professionals available for assistance with IT matters.
- Consider the impact on your customers. We don’t store any confidential information about customers; we only maintain email and snail mail addresses. Businesses that store financial or health information should take extra precautions (e.g., encryption) so that even if hacked, the information is not compromised.
- IT problems are a cost of doing business. Referencing the statistics at the start of this blog, it’s almost inevitable that someday your business will be impacted. Recognize that the time and money involved in addressing hackers is something to be expected.