You may have received an email yesterday from Clare Love, one of our Partners. Unfortunately, Clare’s email account was compromised, which resulted in a phishing email being sent out to a number of contacts in our address book. The email contained a malicious ‘view file’ link.

If you received an email like this yesterday, please delete it.

If you clicked on the link and supplied your email password we recommend that you speak to your IT Support team as soon as possible. If you do not have access to IT support, our IT consultants advise that you change your email account passwords to prevent similar phishing emails being sent out to contacts in your own address book. Running an anti-virus scan on your PC, to check for any malicious software that may have been installed, is also recommended.

By way of additional information, investigation has discovered mail rules set by the malware in the Outlook web application, which are not always visible in the Outlook application on a computer. The malicious rule altered how Clare’s inbox worked by moving all received and unread items to the RSS Feed folder and marking them as ‘read’. This prevented Clare from being notified of any returned emails.  Clare’s telephone number was also scrambled in the email footer to prevent callers alerting her to the issue.

Our investigations to date confirm that the phishing attack was confined to our email system and no other data was either accessed or released. We take IT security very seriously and we will continue to take steps to improve the security of our systems to try to prevent such an event occurring again.