A cyber incident threatened to derail the budding business just as it was finding its feet
The Phishing Email Targeting Long Rays
The Long Rays team has plenty to fizz about after building their popular drinks brand from the ground up.
The soda and tonic label began with just two people in 2020 and now supplies its premium mixers to distilleries, bars and bottle shops across Australia.
But a cyber incident threatened to derail the budding business just as it was finding its feet.
Co-owner Bel Winch says a former employee opened a phishing email and downloaded a malicious file, unknowingly giving cyber criminals access to their systems and contact list.
At first glance, the email appeared to come from within the company.
“It looked like it had been sent by one of our staff,” she recalls.
“The subject line said something like, ‘Here’s the document you requested’, and it had a file attached. It was only when we looked closely that we noticed tiny differences in the email address like an extra dot point.”
Once the file was opened and unzipped, the damage spread quickly.
“Everyone in that person’s contact list was sent the same file,” she says. “We had customers calling us saying, ‘Hey, just so you know, we’re getting spam from you.’ The attackers had also set up email rules so they could send messages without us even seeing them.”
The team immediately contacted their website host, GoDaddy, which had already flagged unusual activity and blocked one of their email accounts for sending spam.
“GoDaddy did a lot of the heavy lifting and worked with Microsoft to sort everything out. Thankfully it was a fast turnaround,” Winch says. “We were lucky it was picked up almost straight away. It could have been a lot worse.”
While she believes no sensitive customer data was ultimately extracted, the experience was a wake-up call.
“We could have lost a lot – it could have been very bad,” she says. “So we stepped up our game.”
We Reset Passwords, Added 2FA, Backed-up Emails, & Installed Malware
The team reset passwords across all platforms, introduced two-factor authentication, backed up emails and systems, and installed malware protection on all devices. They also introduced clearer internal protocols.
“It became company policy that if you receive anything even slightly suspicious, you tell the team immediately,” she says.
“We don’t click links unless we’re 100 per cent sure. We’ve also stopped storing credit card details in Google. A bit of common sense goes a long way.”
The fear of what might have happened lingered. Later, during a casual catch-up, her brother suggested she complete the free Cyber Wardens course.
“We were actually having a beer and he said he’d stumbled across it and thought of me,” she says. “A lot of small businesses overlook cyber security because you’re busy running day-to-day operations. The training opened my eyes even further to just how vulnerable you can be.”
She says the course reinforced the importance of strong, unique passwords, two-factor authentication and being cautious on public Wi-Fi.
“It prompted me to go back again and change passwords we’d reused, and to be more proactive about reporting scam emails,” she says. “Now if something suspicious comes in, we report it straight away and delete it. And we make sure the whole team is alerted to suspicious emails.”
Bel joined founder Shivam Reddy just months after he began developing an Australian-made mixer brand to complement the booming craft spirits industry.
“We were seeing so many incredible Australian distillers producing gin, vodka and rum, but there wasn’t an Australian mixer to match,” she says.
“There were international brands, but we have such unique botanicals here. Using overseas mixers was masking the flavour of local spirits.”
Long Rays was created to champion those local flavours, using Australian ingredients and lower sugar levels so distillers could showcase their product without it being overpowered.
Bel’s background in hospitality – running high-volume bars, pubs, a gin bar and overseeing multiple bottle shops – gave her first-hand insight into the opportunity.
“I could see the gap straight away,” she says. “It was the right timing, and we were able to roll it out through venues that already focused on Australian produce.”
Today, Long Rays continues to grow, and is also better protected and more cyber aware.
Bel says the lesson is simple: small businesses can’t afford to be complacent.
“You think it won’t happen to you, until it does,” she says.
Need to brush up on your cyber skills, or at the start of your journey? Explore the range of free Cyber Wardens courses at cyberwardens.com.au/courses.
