In this first article in our deep dive into real-world security stories, we discuss the process and impact of falling victim to a phishing attack. Phishing is more than a simple, automated process designed to use your mailbox to send even more spam: as you will see, criminals use it to obtain intimate access to your business and commit serious fraud, which could have major consequences. The story below is by no means unique, so taking the right steps to protect your business is more important than ever.
What was the security disaster?
Having illegally obtained login details, scammers had access to a senior executive’s mailbox for more than 3 months.
The scammers forwarded emails externally, and learnt the intricate processes used within the business to undertake and authorise financial transactions.
In time they fabricated internal communications that appeared to include confirmations from those in authority that a large transaction was to be made. This was sent to the team responsible for executing financial transactions, directly from the mailbox of the senior executive.
Because the request had the appearance of ‘business as usual’, the finance team understandably performed the transaction as requested. Fortunately, the mistake was identified quickly and it was still possible to put a hold on the transaction.
In the following days and weeks, the scammers persisted with an intense campaign of phishing, trying to re-establish access and even directly contacting the people involved to try to get the transaction back on track.
Why did it happen?
The customer’s executives fell victim to a phishing attack, and the breach went undetected for a long period.
A review found there was:
- A lack of awareness of these types of security risks
- Inadequate security policy, from both a business and technical perspective
- Potential for improvement in the security of the email systems
What damage was caused?
While the rogue transaction was avoided, the incident significantly disrupted business productivity while investigations were undertaken and emergency changes were made.
How was it fixed (for the long term)?
A project was established to implement short-term measures such as multi-factor authentication and Office 365 advanced email security products and policy design.
In addition, a program of phishing exposure baselining and end user security awareness training was implemented.
In our next instalment, read about a disastrous data and productivity loss arising from urging workers to work from home without the right behavioural and device policies in place.