Many websites that provide a service or information let you sign up for their newsletter. Sent out a few times a month, it usually includes details about upcoming deals, company news or service improvements. Tap or click here for information about getting Kim’s newsletters.
But while the sender’s email address reflects that of the company, few might be aware that a company called Mailchimp processes millions of newsletters and bulk emails on their behalf.
You’ll never honestly know where the email originates, making detecting phishing emails challenging. Read on to find out why some of these emails could seem more real than ever.
Here’s the backstory
If a company had to send out newsletter emails to millions of subscribers, it would take time and resources. A service like Mailchimp takes care of that hassle by providing backend technology.
But the authenticity of emails sent through Mailchimp is now being questioned. This is because the provider fell victim to a cyberattack, with hackers making off with information from more than 100 customer accounts. The criminals can now use the stolen accounts to send phishing emails that seem legitimate.
The breach has created a massive headache for cryptocurrency company Trezor, among others. Users received an email that a new version of the software is available together with a link, presumably sent through stolen Mailchimp credentials.
Unfortunately, the link is fraudulent and takes victims to a malicious site that captures their crypto wallet details. Trezor confirmed “that the emails were part of a sophisticated phishing campaign” in a blog post.
What you can do about it
There is a good chance that some of your newsletters or company emails go through Mailchimp. There are some steps that you can take to remain safe.
- Don’t click on links or download attachments that you receive in unsolicited emails.
- If a message gives you a sense of urgency, delete it.
- Spelling and grammar errors are big red flags.
- Use two-factor authentication and password managers for better security.
- Keep your operating systems, apps and devices updated with the latest official software and patches.
- Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
True or false: That email you got from the Social Security Administration is a phishing scam
Before you click a PayPal link, read this warning – Sign it’s really a phishing scam