Action Required

This email is to inform ITC members that the Council's domain name and third-party infrastructure providers have been subject to a sophisticated DNS redirection attack beginning some time in July 2021 and ending on the 5th October 2021.

The attack was uncovered after a technical audit related to delayed email sending and receipt.

This attack re-routed various aspects of three ITC domain names to a third party provider who then captured various data and then re-forwarded the user to the ITC site. Specifically the hackers altered DNS records for tradecouncil.org, thetradecouncil.com and tradecouncil.net.

It is important to note that the ITC's own databases and systems were not directly breached. No one had access to our internal databases at any stage. Rather, the attackers used the third-party domain name systems to re-route traffic away from the ITC and capture that data. Thus the attack was done at the domain name level - not within our own server or software architecture and was wholly outside of our control.

Sites NOT subject to the DNS attack were: goglobalawards, qibcertification and others.

This attack was not unique. Several organizations appear to have been subject to the same scenario in a similar time-frame. This is being investigated at the moment.

We have been assured that all DNS issues are now resolved and appropriate remedies put in place with the DNS providers and hosting systems and providers to mitigate future risks. 

What you need to do:

1. We have changed all passwords at tradecouncil.net and sent you an email to set yourself a new password today.
   
   If you did not receive that email you can also reset it directly by visiting the member portal and selecting "Lost Password".
   
   If that doesn't work please email support@tradecouncil.net and we will manually create one for you.
   
   
2. If you receive password reset emails from any address except for  admin@tradecouncil.net please DO NOT click on them.
     
3. Do not click any email requesting you to call or send your credit card information to a strange email. The ITC does NOT store credit card information and all cards are processed through a third-party provider. Our staff will never request card details via email or over the phone.
     
4. We also recommend that you check any card used at tradecouncil.net for any suspicious charges and, if found, initiate a charge-back with your card provider. (The ITC does not store credit card data in its systems).