ALERT: If you have received an email with the Subject: "Investment Update - Important" — DO NOT CLICK on the attachment.
MARCH 12, 2026: We are posting this notice to alert people that Nucleation experienced a hacking event and, if you received a notice like this to the right, you should delete this email.
We took precautions to notify everyone that we could reach about the chance that they might have received a spam message. Once we were able to diagnose what happened, it turned out that many more people were notified than actually received the spam. So, if you didn't see the message, you were likely not targeted by this spam event. If you received the message and deleted it, you are also safe. If, however, you did click on the spam message, we are sharing more information about steps you should take to protect yourself and prevent further spread of this spam virus.
A. Background: Spammers are using AI to outsmart us!
Today’s phishing attacks are much harder to distinguish, unlike in the “Nigerian Prince” days. Attackers are making their deceptions much more surgical, using Large Language Models (LLMs) to scan a victim's social media and LinkedIn presence and to draft emails that will more closely mimic the person’s likely messages. They may even have detailed references to current activities, so don’t feel too bad if you were confused and clicked this message.
B. If you’ve clicked then you are likely to have been “infected,” but that may not result in the hack going to your contacts for a few days to a week.
The way to deal with this involves doing the following things:
- Change your passwords ASAP. This is the most important “kill switch.”
- Implement two-factor authentication as much as possible.
- Log out of all open sessions, whether email, online websites, or specific app sessions, and other app access where you’ve entered your credentials, including from phones, iPads, and laptops, etc. A hacker can try to steal those active credentials or tokens to get access to that app, email or platform, which can enable them to bypass even needing your password or two-factor authentication right away. When possible, use the setting that says “Sign out of all other web sessions.” Alternatively, you might see a “Manage devices” or “Remote Log Out” button. Use those to kill sessions that the hacker might want to use or may be actively using, like an online banking app, and you kick them out. Make a habit of always logging out of any app that has a credit card or bank access associated with it.
- Check your email filters and forwarding “ghost rules” to see if they have been compromised. This hacker set up an Email Forwarding Rule that put any message that came to us with the Subject “Investment Update” into the Trash, rather than the Inbox. This was an effort to try to prevent us from getting messages and knowing this hacking had happened. There were a couple of emails asking about the message in the Trash. We found them and were able to delete that rule and respond to those contacts. Be aware, a spammer can also have your messages forwarded to themselves, so that they can invade your privacy. Be sure to disable all unknown forwarding instructions or filters that “Delete emails,” “Skip the Inbox,” or forward messages to another email.
- Check your email logs. When we did this, we found the four offending emails that had been sent out to people with the same Subject title and multiple email addressees. When you find these messages in the logs, that don't show up in your ordinary outbox, you will at least know all of the email addresses that the phishing attack went to.
- Check & Revoke Third-Party Access, especially if there are Apps with access to your accounts that you don’t recognize. If you find something not familiar, remove that access, to prevent the spammer from being able to continue sending as you, even after you change your password.
- You might opt to switch to Passkey technology, set up through your Security settings. SMS codes are no longer the safest bet since hackers can now do a “SIM swap” on your phone number. A passkey that uses Face ID, fingerprint or a physical USB key (YubiKey) to log in may be significantly safer. (This last advice item is from Gemini.)
C. If you clicked on the attachment, here's how to do Damage Control.
- Warn those you can in advance. This is difficult, time-consuming and definitely not fun—given how many people we have connected with through email—but if you can provide advance warning, you can help to prevent the spread of this virus. If you clicked on the attachment, you are likely infected, so alert those you are connected with to watch out for a suspicious message from you. Definitely warn “high-risk” individuals, especially the elderly, bankers, doctors, family members, etc. Let them know that you may have been hacked and the M.O. of this hacker, which is to send out what looks like a very reasonable message that asks them to click on a PDF. Let them know that they should not click on any attachment—especially one that isn’t actually a PDF but is a virus-infecting link. If they know in advance to watch out for a message that seems odd and to check with you if they get it, when they do, they will definitely thank you for that warning.
- Prepare who and how you will contact folks. If and when the hacked messages get sent to your contacts, being prepared to send out an alert ASAP can save precious time when this event happens. That can prevent the attacker from having an advantage prior to when people begin to take actions to change passwords and close apps. It will also help you to already know how to check your email logs, so you can quickly discern exactly which contacts were affected, so you don't have to email broader than those who were affected and thus limit your outreach.
- Ask people to check for blockers put on their email. Once the link is clicked, it is possible that the hacker will access the victim's email and implement a blocker that prevents you from alerting them. This can cause further delays as you try to help them deal with this hack. It could also interfere with your future ability to communicate with the people in your network. Please do check if your email account has had any new “blocked email domains” added.
- Get help with cyber-security in advance of having your email compromised. An experienced IT security team can help you fortify your cyber defenses and prevent your email from being used improperly and spreading this virus to those you are connected to. Options include local IT professionals and IR firms with emergency response capabilities like:
  - Mandiant — acquired by Google, does incident response and crisis management.
  - CrowdStrike — 24/7 breach and incident response.
  - Palo Alto Networks Unit 42 — incident response and threat-led investigation for active breaches.
  - Arctic Wolf Incident Response — emergency IR and restoration support.
Each email system is a little different, so if you are not familiar with how to implement these protections, you are better off checking with your email provider, go-to expert or AI assistant of choice to find out how to access your settings, change passwords and security settings, check email logs and review blockers and filters. However, here are Gemini's directions for finding your Email Logs:

Here are Gemini's directions for protecting yourself from a hacker when using Google's email:

Updated 3/13/26












