One day in the fall of 2014, when I was still helping run a startup I co-founded (not the one I’m working for now), a client forwarded me an email he thought was suspicious.
The email looked a lot like something my company would send. It linked to a website that looked a lot like ours that offered a great deal on the same service we provided. The site’s URL was almost identical to ours, too.
Right away I had a bad feeling, but my first reaction was to tell myself it was just a competitor that had somehow gotten the email of a single client.
Not a big deal.
Then another client forwarded the same email. And another, and another.
Pretty quickly it became clear that someone had gotten a list of our clients, and was sending them emails to try and trick them into paying the wrong company for our service.
I was angry and worried. Who was doing this? How had they gotten our clients’ information? How much did they have?
Ultimately, I think the way we reacted was mostly good, but w…