Recently, a new small business client (under 5 employees) complained that “nasty” emails were being sent to their customers from one of their email addresses. Upon investigation we found a virus on a Workstation who’s mission was to gather all the e-mail addresses stored in their contacts and send it back to the virus creator.
Then, using this list of contacts, the bad guys that created this virus, send out e-mails pretending to be the client. This is called spoofing. The bad guys spoof your address and send out hundreds of e-mails with your address as the sender.
The people that receive these e-mails recognize the address and trust it, because it’s you, they know you, they trust you.
In that e-mail there may be a demand for money and/or “click here” to pay. The “click here” link, takes them to the bad guys web site or pay portal where they collect money.
In situations like this you must contact the company who hosts your email. With our email clients we put a SPF (Sender Policy Framework). record in place to cut down if not eliminate altogether this type of exploit. The SPF identifies which mail servers are permitted to send e-mail on behalf of your domain.
This is an example of where small businesses are targets for the hackers because they believe that small businesses do not have the cyber security policies in place.
Check with your email provider to make sure they are providing the proper security for your email.