**An important message to all of our candidates & clients**

**An important message to all of our candidates & clients**

On Friday 6th of October at 12:20 PM Lisa Lee’s Office 365 password was compromised by an internet criminal.

In 15 seconds just under 500 emails were sent from a remote location using Lisa’s email account to common email addresses Lisa sends to. The issue was discovered at 12:25 and the source diagnosed and account disabled by 1:14 PM.

The subject of the email sent was simply “Hello” and they contained a PDF logo image, a link to a web site and the body “I tried to get this to you before, did you ever get it? Click PDF to view and download.”

The malicious emails did not contain malware. The links in the email lead to a hacked web site that is setup to collect user credentials by pretending to be a legitimate login for services such as Google or Office 365. The malicious site is now blocked by all common web browsers (Chrome is the notable exception as at time of writing this).

If you received the email and even if you clicked on the link then our analysis shows no ill effects.

However, if you clicked on the link and then entered your credentials (user ID and password) on the website that appears then you should immediately reset all passwords especially where the username is the email address you entered and the password is the same as, or similar to, the one you entered on the malicious web site.

Our investigations so far have determined that no additional data other than the email addresses was compromised.

If you have any questions or concerns, please ring the Classic office on 4638 3599.