Skip to Content
Steps to protect against phishing emails
© Fizkes |
Security & privacy

Don’t click that link! New phishing emails could be very hard to spot

Many websites that provide a service or information let you sign up for their newsletter. Sent out a few times a month, it usually includes details about upcoming deals, company news or service improvements. Tap or click here for information about getting Kim’s newsletters.

But while the sender’s email address reflects that of the company, few might be aware that a company called Mailchimp processes millions of newsletters and bulk emails on their behalf.

You’ll never honestly know where the email originates, making detecting phishing emails challenging. Read on to find out why some of these emails could seem more real than ever.

Here’s the backstory

If a company had to send out newsletter emails to millions of subscribers, it would take time and resources. A service like Mailchimp takes care of that hassle by providing backend technology.

But the authenticity of emails sent through Mailchimp is now being questioned. This is because the provider fell victim to a cyberattack, with hackers making off with information from more than 100 customer accounts. The criminals can now use the stolen accounts to send phishing emails that seem legitimate.

The breach has created a massive headache for cryptocurrency company Trezor, among others. Users received an email that a new version of the software is available together with a link, presumably sent through stolen Mailchimp credentials.

Unfortunately, the link is fraudulent and takes victims to a malicious site that captures their crypto wallet details. Trezor confirmed “that the emails were part of a sophisticated phishing campaign” in a blog post.

What you can do about it

There is a good chance that some of your newsletters or company emails go through Mailchimp. There are some steps that you can take to remain safe.

  • Don’t click on links or download attachments that you receive in unsolicited emails.
  • If a message gives you a sense of urgency, delete it.
  • Spelling and grammar errors are big red flags.
  • Use two-factor authentication and password managers for better security.
  • Keep your operating systems, apps and devices updated with the latest official software and patches.
  • Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at That’s over 85% off the regular price!

Keep reading

True or false: That email you got from the Social Security Administration is a phishing scam

Before you click a PayPal link, read this warning – Sign it’s really a phishing scam

Ask me your digital question!

Navigating the digital world can be intimidating and sometimes downright daunting. Let me help! Reach out today to ask your digital question. You might even be on my show!

Ask Me