Oakey’s are a car and van repair garage based in Oxfordshire. They were established in the early 80’s and now deliver specialist diesel vehicle repairs, servicing and MOT testing – the business has also recently expanded their range of offerings to include Motorhomes and caravan repairs and habitation servicing.
The business has a varied IT structure – from day-to-day CRM, office systems and accounting software, through to specialist diagnostic software. At the time of the scam attack, they were trying to manage the IT themselves.
Unfortunately, the business fell foul of a social engineering scam, where a criminal called a team member pretending to be from Microsoft.
The team at Oakey’s had in fact legitimately recently purchased Office 365 – and believed the caller to actually be from Microsoft, who was enquiring about how their systems were running.
The caller, unfortunately, duped a member of the team into giving them access to the system by asking them to run specific fake tests on their PC to check security status.
Posing as a helpful IT engineer and offering to be “here to help…”, the scammer gainedfull access to the user’s machine and locked-down access to all systems.
claireLOGIC had been recommended to Oakeys by a local business and upon the distress call, claireLOGIC quickly assessed the situation and provided technical support to remove the scammer’s remote access.
claireLOGIC quickly regained control of the systems and rescued important business-critical data from the hacker.
A claireLOGIC engineer subsequently visited Oakleys to perform additional checks to ensure there were no remaining vulnerabilities. This included installing security systems to reduce the risk of further issues.
- Post security breach clean up
- Security software installation
- Ongoing support
Our advice for avoiding the hackers
Education your team around cyber-security including:
- Use different passwords for different websites
- Be suspicious of emails – even if they look like they come from someone known
- Check link locations within emails
- Use complex passwords (and a password manager)
- Increase privacy settings on social networks