"My clients received spam/phishing emails from my work email. What do I do?"
If a client has contacted you about a suspicious email sent from your account, take action immediately. It may be a warning signal that a hacker has not only gained access to your email account, but to your company's network as well.
Your clients recognize and trust the messages they receive from you. That's why hackers use your good name—it gets them past the usual IT defenses and straight to your clients' data, often using phishing as their method of attack.
3 Symptoms Your Email is Hacked & What To Do About It [Infographic]
While some hackers spoof email addresses (which requires no access to your actual email account), emails sent to your key contacts indicate a well-researched hack—especially when those emails include contextually accurate subject matter (e.g. You are an accountant and the hacker attached a phony invoice).
In summary, an attempt at phishing "in your name" is especially troubling because it could signify that your data has already been accessed by a hacker. This has huge implications for your company's health and the sooner it is addressed, the better the outcome will be for your company's reputation, security, and profitability.
Addressing a Small Issue Now Can Prevent a Major Issue Down the Road
A hacked email can be a symptom of cyber security weaknesses, but you aren't the first to experience it and you won't be the last. In fact, you could be one of the first among your competitors to adopt solid security practices.
3 Symptoms & What to Do About It
1. People are receiving emails you didn't send.
Your LinkedIn and business connections are reporting emails with links and attachments that don't seem to work—all sent from your personal email or key accounts at your place of business.
2. You are having trouble eradicating viruses from one of your computers.
The same virus keeps showing up in your scans—even after restoring your device.
3. You have seen remote login alerts but can't find them later.
This is a sign that a hacker is in your email account (or network) and attempting to cover their tracks.
WHAT TO DO
1. Notify Your IT Department
They will likely need your device to run scans and (possibly) perform a hard reset. In the meantime, change your passwords and warn your contacts not to click links in emails they weren't expecting from you.
2. Document Your Data
Hackers often gain access to your email by first gaining access to your device. Give your IT team a list or summary of the types of sensitive data you have access to, whether client records, passwords, company financials, etc.
3. Initiate Incident Response
IT departments should bring in an incident response team to find the source or risk missing an active intruder with a backdoor into your network, devices, and data.
4. Find the Gaps
After the infection source is taken care of, begin a security risk assessment to locate which weaknesses in your security were exploited by hackers. You may find you need phishing training for employees or security monitoring.