My Goodness, How Sneaky Can Phishing Attacks Become? Nasty Stuff For Those Who Are Not Alert!

It seems even ASX/200 listed companies can get caught.

Last week I noticed this e-mail.

-----

To: Me

From: McGregor Grant

Subject: Nanosonics Proposal

Date 9/4/2020

Hi there,

Kindly REVIEW DOCUMENT

<https://onedrive.live.com/view.aspx?resid=xxxxxxxxxxxxxxxxxx&wdo=2&authkey=!XXXXXXXXXXXXXXXX>  sent to you via OneNote.

Best regards, McGregor Grant

Chief Financial Officer

Nanosonics Limited

t +61 2 8063 1600 d +61 2 8063 1613 m +61 (0)410 045 51114 Mars Road, Lane Cove, NSW 2066 Australia

www.nanosonics.com.au>

Please consider the environment before printing this email This e-mail and any attachment(s) are intended only for the addressee(s). The information in them is confidential, and may be legally privileged. If you have received this email in error, please notify the sender immediately and permanently remove all copies of this e-mail and any attachment(s) from your computer system. No confidentiality, copyright or privilege is waived by any erroneous transmission of this e-mail. You are solely responsible for taking protective action against any virus or malicious code that may have infected this e-mail or any attachment. We do not accept liability in connection with any infection, data corruption, delay, interruption or unauthorised access of this e-mail or for any personal views of the sender.

----- End email.

Despite being a small Nanosonics shareholder this looked nasty to me so I marked it as spam and deleted it.

Then the fun began:

-----

From: McGregor Grant

Sent: Thursday, April 9, 2020 12:53 PM

Subject: My email account has been compromised

Dear all,

This morning I expect you have received an email from me with the subject “ Nanosonics Proposal” or “Nanosonics Fee Proposal” requesting that you “Kindly REVIEW DOCUMENT sent to you via OneNote”.

This is a Phishing email and you have received it because my email account has been compromised. 

Please IGNORE/DELETE it and DO NOT click any link. I’m sorry for the inconvenience this has caused and thank you to those who have contacted me about this.

Kind regards,

McGregor

-----

And – some good advice:

From: McGregor Grant

Sent: Thursday, April 9, 2020 2:00 PM

Subject: My email account has been compromised

Dear all,

Further to my email earlier, if you have clicked on the link please immediately change your email account password.

Again, I’m sorry for the inconvenience this has caused.

Kind regards, McGregor

-----

Would be good to know the back story but the lesson is clear – strong passwords and don’t click links from anyone (other than my blog . I wonder how the shareholder e-mail database was compromised. I have not seen any press reporting so far about this. Has anyone?

David.