Transcript

The views and opinions expressed on this podcast are for informational purposes only, and solely those of the podcast participants, contributors, and guests, and do not constitute an endorsement by or necessarily represent the views of The Hartford or its affiliates.

You’re listening to the Small Biz Ahead podcast, brought to you by The Hartford.

Our Sponsor

This podcast is brought to you by The Hartford. When the unexpected strikes, The Hartford strikes back for over 1 million small business customers with property, liability, and workers compensation insurance. Check out The Hartford’s small business insurance at TheHartford.com.

Gene (00:04):

Hey everybody, this is Gene Marks and welcome to a special edition of the Hartford Small Biz Ahead Podcast. I’m glad that you are here to join us, and I wanted to bring your attention to a significant security issue that is growing in importance, particularly among small and mid-size businesses. And that happens to do with phishing, not fishing in a lake or fishing in the ocean, but phishing with a PH. PHISHING and the scams around phishing. Now, the Hartford has a new vendor, an e-signature vendor called DocuSign, which I’m sure many of you guys are familiar with. I use the service myself for my business. And DocuSign actually is this hugely popular e-signature service has been the victim actually or the target of some potential phishing campaigns.

Gene (00:54):

And they appear to be involving emails that are sent from DocuSign. So the first thing I want you to be aware of is if you see any email that’s coming from an outlook.com email domain… or it’s including in it’s subject line, things like MS Office 365 or Windows Defender purchased order or order successfully or complete with DocuSign, bought content or firewall protection order successfully placed… I just have to make you aware, these could easily be a phishing email. Now, phishing emails can do a ton of damage. If you get spam emails, but they contain malware. Usually in some of these emails, there is either a link that you click or a document that’s attached. If you inadvertently open up the document, it will launch malware on your device and potentially spread that malware throughout your entire network.

Gene (01:59):

This is how ransomware attacks happen, where entire companies get shut down and they have to pay ransom to the malware maker and some digital currency just to get a key to open up the encryption on their files so they can get back to work, and you don’t even know if that’s even gonna solve the problem. And most of these malware issues, they really start with some type of a phishing email. So, in addition to a document being attached to an email, there could just be a link in the email, and if you click on the link, it could send you to a malware infested website. And the website itself, the minute that somebody lands on it, it automatically downloads little malware onto your device. And the same thing happens as if you had opened up a document. Okay? So you have to be aware of malware.

Gene (02:51):

DocuSign, they have a heightened sense of awareness because it seems like there’s these malware attacks that are featuring DocuSign because DocuSign is so popular people tend to immediately trust it because they trust the service, but you can’t immediately do that. So let me just give you some advice, okay? If you get any emails from anybody that you don’t recognize, or even if you do recognize them before doing anything with the email, check the email address. Be very careful. I never open up emails. I mean, I delete emails. If I am receiving it from somebody that I don’t recognize, or if the email address looks kind of funky. So if I’m getting an email address from DocuSign and the return address has a domain of outlook.com, trust me when I tell you nobody from DocuSign is sending you an email from outlook.com. They’re sending it from their own domain.

Gene (03:47):

So if you’re getting an email from a bank or financial services or say your bank is Citibank or Wells Fargo, and you get an email announcing there’s some problem with your account. Well, first of all, that email better be coming from wellsfargo.com or citibank.com from their domain. It should not be coming from anything else other. Even a Gmail address or an outlook.com. That is suspicious stuff. Delete the email. Also, if you’re getting an email that seems suspicious and there is a document attached to it, unless you have requested a document be sent to you, never open up a document, period. Even if it’s a pdf which are more safer than word documents, you shouldn’t be opening up any documents at all. If you think that an email is suspicious at any point, you can always reply to the email, like with a document attached saying… say you got it from a friend of yours, the address seems fine, but there’s a document attached and it seems a little weird that they’re sending you the document.

Gene (04:56):

Just email your friend back and say, “Hey, did you send me this document?” And is it okay for me to open it? Ask in advance. You have to take an extra few seconds out to make sure that you’re protecting yourself against these malware attacks. Because remember, the malware makers will send you these emails with a malicious document attached, or with a link to a website that will take you somewhere else that will automatically download malicious email. Does that make sense? I really hope it does. Why is this so important? Because so many small businesses, many of my clients have been reporting over the past few years of this rise in ransomware and malware attacks. Malware attacks have increased something like two to 300% just since 2020. And one of the big reasons why is because so many of us are working from home.

Gene (05:48):

We have family members sharing computers, we’re not paying enough attention, we’re a little bit more distracted, our networks aren’t as as secure. Maybe our spam filters aren’t as good. So these emails are coming through and you’re doing a hundred things at once. So you get an email from DocuSign, it seems like it’s fine. You just, you click on the attachment without even paying attention and boom, you are in big trouble. So again, be very aware of Phishing email scams. If you get a document attached to an email and you’re not expecting it and it looks suspicious, don’t open it. Ask the sender. If the email addresses is weird and not the original domain of the company, then don’t open or do anything with that email. Delete it. In DocuSign’s case, if you’re getting an email that says, an outlook.com address that’s coming from… that’s not something anybody from DocuSign would send to you.

Gene (06:47):

If there’s just a weird subject line that just says, MS Office 365, or order successfully or firewall protection order successfully placed. If those kinds of subject lines are like raising a firewall. If it seems weird, it’s probably weird and you wanna make sure that you delete the email, don’t pay attention to it. If DocuSign sends you a legit email and you delete it, because it seems suspicious, trust me when I tell you they’ll send it to you again or somebody will reach out to you, okay? Be safe. Because if you don’t take these precautions, your network could be seriously compromised and your business could be shut down for days, weeks, in some cases permanently if it’s a serious enough malware attack. Those are my thoughts on malware and how to protect yourself and to be aware of those types of issues.

Gene (07:42):

I hope you put this into practice and by all means, reach out to us at The Hartford if you have any questions about this. In fact, if you need any tips or advice or help in running your business, come to smallbizahead.com or SBA.thehartford.com. You can get all the advice that you need and also post comments and questions to this podcast. I will respond back to you. Hope this information helps. My name is Gene Marks. You’ve been listening to the Hartford Small Biz Ahead Podcast. We look forward to seeing you next time. Take care.

 Download Our Free eBooks