Yesterday I was doing a security review for a company that had just been used as a player in a phishing scheme.
Here’s how it went down.
A month ago an employee receives what looks to be a normal everyday email message.
So they click on the link in the message.
This then takes them to a phishing website.
The person then enters their login information.
The cyber crime is now half done.
Fast forward to the future.
The hacker (a program) logs into this person’s email and begins sending phishing emails to random people as this person.
As the emails are sent, the copies in the person’s Sent box are deleted.
The hacker has mostly covered their tracks.
The person then notices a reply from one of these random people.
They quickly pick up the phone and call their IT provider for help.
This type of event is all too common nowadays.
Figuring out the who, what, why, where and when of these types of cyber events can be challenging, depending on what tools you have at your disposal.
If your business uses a service like Microsoft Office 365, there are several tools that can help you to track down forensic information.
Just so you know - this company has a well-run tech environment.
Still, no amount of prevention or protection can keep someone from clicking on an email link if they want to.
Sure, there are security awareness programs like KnowBe4 and others that help to train staff to be more careful with their email.
This business just happens to use KnowBe4.
And the incident still happened.
Phishing in Florida is a real thing.
Actually, phishing is a real thing everywhere.
It’s important to have proper controls on your email and communication systems.
It helps to reduce incidents like the one this business faced.
Outside of that, all I can say is this.
If you receive an email that remotely looks suspicious
If you delete something you need, there’s very likely a way to recover it.
If not, you can quickly render a puzzled look on your face and tell the person who is asking you:
Oh, I don’t think I got that message. 🤭