The team were alerted by a customer employee that they had received a suspicious email from a colleague. During their investigation, the team discovered that this was in fact a phishing email, and the cloud-hosted document it claimed to link to was actually a cloned page, created by the attacker to appear like a legitimate login page, which would execute malicious operations. With login details entered, this page hosted on the attacker’s server would trigger a real multi-factor authentication (MFA) request which, unbeknownst to the user, would then grant the attacker – intercepting the user’s session – total access to their user account.
Our cybersecurity team realised immediately that the colleague’s account was compromised, and immediately informed the customer and took action to restore security and remediate all compromised user accounts. We helped them put out an awareness email to their staff to educate them and increase their security vigilance. In addition, we restricted non-UK traffic to their network, blacklisted the malicious URL that had been contained within the phishing email, blocked the related IP addresses, and purged all phishing emails from the customer environment.
As a result, we were able to prevent further customer accounts from being compromised and ensure the customer went forward with a stronger security posture.
This story highlights the importance of having trained cybersecurity professionals available to investigate and quickly remediate issues, as well as the importance of human awareness, training and caution in preventing accounts from being compromised in the first place.
If you receive an email that you were not expecting or that seems suspicious, even if appears to be from a colleague, which includes links or requests to divulge confidential information, speak to your colleague to check its veracity or report it as suspicious to your IT team immediately so they can investigate. Awareness and good judgement on the part of employees is just as crucial to ensuring an organisation’s security as the latest cybersecurity technology.
If you do believe a link to a document or other file hosted online is legitimate, when you reach the login page, have a look at the URL in your browser window to check before entering your details. Although cybercriminals running MitM attacks will do their best to fool you, the web address will never exactly match that used by Microsoft or Google, for example.
We don’t spam, we’ll never sell your email address; find out more on our privacy page.
The Maylands Building
Maylands Avenue
Hemel Hempstead
Hertfordshire
HP2 7TG
© 2024 Annodata Limited Registered in England No. 02246366 VAT Registration No. GB766040436
Registered with the Financial Conduct Authority (FCA) – Reference number: 669037