Yes, it happened to me. I succumbed to curiosity/fear to click an attachment on an email. To be clear, it came from a known contact. It looked official. I did have a few twinges of wondering. In fact, a similar email a few months ago raised more flags. I called the sender BEFORE clicking and then deleted it immediately, escaping disaster.
In this case, the email preyed on an large fear. It came from a copyright attorney, one I interacted with related to an infringement. When I saw the email, I skipped reason and landed on panic. Did we somehow, despite our new image use policies and extraordinary care, land ourselves with another infringement? How? Why? I asked my assistant to reach out to the attorney by phone but clicked the attachment anyway.
When I clicked the scam attachment, it triggered a similar email being sent to all my Google contacts — all of them: my mother, past clients, current clients, even my 9 year old daughter.
As far as I can tell, the only damage (still plenty) came to my contacts who clicked the attachment before I could alert them to the issue, and the domino effect ensuing from there, the way this virus/hack/scam/phishing attempt spreads from one person to the next.
One contact, responding after the incident, said, “It’s the hackers to blame.”
Here’s why this scam is so insidious: it preys on peoples’ desire for opportunity and connection and it exploits their trust in relationships.
Picture this: you get an email from me with a contract attached. The email includes my signature, the logos of all my companies. It must be me, right? And then, there’s a logical request attached. For example, here’s our updated contract or please update your contact information. Before you have time to think, your natural curiosity takes over and the scam/hack continues.
My team and I responded to the hack immediately; we sent an email to our entire opt-in list, posted on social media channels, and sent a few personal notes. But there’s no easy way to email one’s gmail contacts en masse that we know of, even though the hackers do it easily enough. Sigh.
One positive benefit of the attack is that I heard from several people I haven’t connected with in some time, both through email and on social channels. It reminded me what an awesome network of connections I have, how many wonderful people I’ve been privileged to meet on this journey. If there is any bright spot, that’s it.
Be careful out there, people! Don’t click on attachments you’re not expecting to receive. Confirm first, via phone or email. If you did happen to click on the attachment sent by my email, change your email password and alert your contacts immediately.