05 Mar Update on Constant Contact Breach
On March 4, 2020, our Constant Contact account was compromised temporarily, and a phishing email disguised as an invoice was sent to our users around 11:45am ET. This email preceded a legitimate communication sent to a smaller number of users, welcoming them to Edelweiss+Analytics when they had not actually subscribed -- a juxtaposition that caused confusion. The breach was discovered within minutes. As soon as we became aware of the intrusion, we secured our account and, within the hour, terminated the link in the malicious email.
Your Edelweiss+ account and subscriptions were neither impacted nor changed. It is clear that the intruder used our account to contact you, but we have no reason to believe that any data was exported. In any event, Edelweiss does not store account information such as credit card information or passwords on Constant Contact.
If users clicked the link in the email while it was active, then they may be at risk. Users were prompted to download a Word file and enter a password. If users took those actions and others, an attempt was made to install ransomware. Fortunately, as best we can tell, up-to-date antivirus software such as Windows Defender successfully detected the threat and neutralized it. However, we are still assessing the full extent of customer impact, and we recommend all users conduct an antivirus scan as a precaution.
In the future, if you receive an email from us that you weren’t expecting or one with an odd-looking link or attachment, please don’t hesitate to reach out to our team to verify its authenticity at email@example.com or firstname.lastname@example.org.
Please note: If your future emails to email@example.com do not go through or you do not receive replies to your support request, it could be because your email client is blocking emails from this address because of this phishing attempt. You may need to add this email address to your Safe Senders list. You can reach us on the Edelweiss Help site here.
Precautionary Steps to Take:
Delete the email:
- Delete the email from your inbox. It may move to a Deleted Items folder, from which you should permanently delete it as well.
If you downloaded and/or opened the file:
- Run an anti-virus scan.
- Your anti-virus may offer to quarantine or delete the file. Select Delete.
If your anti-virus doesn’t ask to delete the file, follow the steps below to manually delete it:
- Identify where you downloaded the file. Typically, this is the Downloads folder.
- Delete the file identified by your antivirus software.
- Empty your Recycle Bin to completely delete the file from your computer. This step is not strictly necessary but should be done for completeness.
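For Windows users who want to check the steps above rather than hunt by hand, the following PowerShell script is an added example (not from Edelweiss or Constant Contact). It lists Word documents written to the Downloads folder on or after the breach date that carry an Internet mark-of-the-web, runs a Windows Defender quick scan, and shows what Defender detected; the file name is unknown, so nothing is deleted automatically, and the Defender cmdlets are assumed to be available (Windows 10 or later).

```powershell
# Added example, not part of the original notice. Assumes Windows 10+ with the
# Windows Defender PowerShell module. Breach date taken from the notice itself.
$breachDay = Get-Date '2020-03-04'
$downloads = Join-Path $env:USERPROFILE 'Downloads'

# Word documents saved under Downloads on or after the day of the phishing email.
$suspects = Get-ChildItem -Path $downloads -File -Recurse -Include *.doc, *.docx, *.docm |
    Where-Object { $_.LastWriteTime.Date -ge $breachDay }

foreach ($file in $suspects) {
    # Files saved by a browser or mail client carry a Zone.Identifier stream;
    # ZoneId=3 marks the Internet zone, i.e. the file was downloaded, not created locally.
    $zone = Get-Content -Path $file.FullName -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $fromInternet = ($zone -join "`n") -match 'ZoneId=3'
    [PSCustomObject]@{
        Path         = $file.FullName
        Written      = $file.LastWriteTime
        FromInternet = $fromInternet
    }
}

# Quick scan, then list detections so the user can confirm Defender quarantined or removed the file.
Start-MpScan -ScanType QuickScan
Get-MpThreatDetection | Select-Object InitialDetectionTime, ProcessName, Resources

# Once the file is confirmed gone, the Recycle Bin can be emptied with:
#   Clear-RecycleBin -Force
```

Review the listed paths before deleting anything; a document you saved yourself from a trusted site will also show FromInternet = True.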
We’re very sorry for the issue and are taking every possible action to prevent it from happening in the future.