Some fake emails saying that your password has been changed or compromised are quite common.
These scams normally convince the email user that someone has managed to change their password
They then click the link to reset your password which takes you to a site that looks very legitimate. However, it’s a malicious site that will record your username and password.
Once the hacker has gotten the password you have entered, they login into your webmail and send emails to your customers, suppliers etc.
They’ll tell individuals for example, that there are new bank details they need to update (which will be hackers own bank account) and tell them to transfer funds across.
Some of these scammers will even set up mail rules to hide emails from you to make sure you are oblivious of any changes they are making on your behalf.
The easiest way to check if it’s a phishing email is to check the from address. It normally won’t be a normal looking email address.
If you still are unsure, forward the email to Warringah IT.
Recent example of the scam:
Couples Dream Turns to Nightmare as Hackers Steal Funds Meant to Settle their New Home
You will see in the article:
On June 18, a hacker compromised PEXA by getting into their conveyancer’s email account, pressing the ‘forgot password’ button, intercepting the email to create a new password, logging in, and creating a new user.
This resulted in the hacker gaining access to the PEXA account, and transferring a $250,000 deposit for a home to their own account.