I'm an ICAS member and this morning received an email saying an investigation had been opened on me. This email came from a genuine ICAS email address and included my Firm Name, Office Address and Office Number. Interestingly ICAS's details of my firm name include the trading name in brackets, which is exactly how proper correspondence from ICAS comes.
So it looked genuine and worrying about the investigation but there is a Word file with Macros attached that looked suspicious. I just phoned ICAS and they said a lot of spam has been sent from their email address and I should ignore it. Certainly a relief on the supposed investigation but I can only assume someone has hacked into ICAS servers successfully.
Replies (11)
Please login or register to join the discussion.
Ditto
Same here
Just cut short my morning coffee as read the email on my phone and zoomed in to the office.
They are now not answering the phone. Sorry to hear you were affected but reassuring that it isn't real. I was trying to think of who might have complained and couldn't come up with anything!!
They owe me a Latte!!
Quite Agree
so much for ICAS data security. Quick to preach to small practitioners :-)
Yes!!
And we changed our firm name 2 and a half years ago. Informed by letter, and on 2 annual returns. They have only just changed it (to the wrong name) on their website after I complained as it caused an issue with a supplier. Imagine if we didn't react to at least 3 communications from a client!?!
Luckily I am personally in a far superior institute!!
ADVISORY - SPAM EMAIL PURPORTING TO BE FROM ICAS
Just to advise that a spam email is circulating purporting to come from ICAS which says “We have received a complaint regarding your business ……..”
Please ignore and delete this email. Do not open it in case the attachments are unsafe. We are currently investigating how this occurred and apologise for any inconvenience.
Atholl Duncan,
Executive Director,
Member Engagement and Communications.
Have ICAS computer systems been hacked?
This and another current thread suggest that the spoof eMail sender has access to data on ICAS computer systems, I think that ICAS should therefore investigate this matter as a matter of some urgency. Whether ICAS havebreach Data Protection R
Email addresses are easy to spoof
But the comment from ICAS doesn't explain how someone's PC details were accessed. They are not, as far as I know, publicly available.