Over the past month, we have seen a sharp increase in email phishing attempts and, unfortunately, in the number of users falling prey to the attackers.
Please note that this is most concerning for those who do not have multifactor authentication in place for email.
The latest wave of attacks typically arrives from a contact you have corresponded with in the past (a person who has already fallen for the scam) and contains a link to a file the recipient is instructed to download. An example of this is in the picture below – note that this is not a live hyperlink, and names have been blocked out.
If the recipient clicks on the link, it generally leads to a page masquerading as a legitimate email login page. The recipient enters their email address and password, gains access to the file, and in doing so has just given away their email password.
At that point, the scam has been successful, and the mailbox has been compromised. Generally, the attacker will be dormant for a week or so, during which time they have downloaded the contents of the mailbox, and ultimately, they begin the cycle over again by sending out new mail to all of the contacts in the mailbox with an updated scam.
There are two major risks associated with this type of mailbox breach. The first is that the entire contents of the mailbox have been downloaded, and any business data – confidential or otherwise – is exposed. The second is reputational risk, in that anyone receiving the perpetuated phishing emails will know that your employee’s mailbox was compromised.
What to Do if Your Mailbox is Compromised
- First and foremost, if you are a Vertikal6 client, be sure to call our support team immediately. We will assist in changing your password and removing any inbox rules that have been added to your mailbox to delete or forward messages. We will also investigate the cause of the breach and assist with any insurance claims or forensic analysis that is required.
- Second, if you carry cyberliability insurance and you are concerned about regulated data or confidential business data having been exposed, contact your insurance carrier. They will assist you in getting legal representation involved, as well as forensic analysts to determine the scope of the attack and any required notifications.
- Third, be sure to monitor your credit and bank accounts, verbally confirm any requests to change payment details and wire transfers, and watch for any suspicious invoices and other financial requests. The contents of the breached mailbox may be used to create social engineering attacks for financial gain.
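The inbox rules mentioned in the first step are the piece a responder can check directly. As an added example that is not part of the original advisory, the script below triages a set of inbox rules and flags those that forward mail outside the organization or that delete or hide incoming messages; the rule records are constructed to resemble a rule export, and the field names, addresses, internal domain and warning-word heuristic are all assumptions made for this example.

```python
# Constructed sample records shaped like an inbox-rule export. Field names, addresses and
# the internal domain are assumptions for this example, not any product's real format.
INTERNAL_DOMAIN = "example.com"

SAMPLE_RULES = [
    {"name": "Vendor invoices", "enabled": True, "forward_to": ["ap@example.com"],
     "delete": False, "move_to": None, "subject_contains": ["invoice"]},
    {"name": ".", "enabled": True, "forward_to": ["collector@mail-drop.example.net"],
     "delete": False, "move_to": None, "subject_contains": []},
    {"name": "Cleanup", "enabled": True, "forward_to": [],
     "delete": True, "move_to": None, "subject_contains": ["password", "suspicious", "hacked"]},
    {"name": "Old newsletter", "enabled": False, "forward_to": [],
     "delete": True, "move_to": None, "subject_contains": ["newsletter"]},
]

# Folders used to hide mail from the user instead of deleting it outright.
HIDING_FOLDERS = {"deleted items", "junk email", "rss feeds"}
# Subject words a colleague would use to warn the victim; a rule that deletes these
# silences the warning (heuristic chosen for this example).
WARNING_TERMS = {"password", "hacked", "phish", "suspicious", "compromised"}


def is_external(address: str) -> bool:
    """True when the address's domain is not the organization's own domain."""
    return address.lower().rsplit("@", 1)[-1] != INTERNAL_DOMAIN


def triage_rule(rule: dict) -> list[str]:
    """Return the reasons an enabled rule looks like post-compromise persistence (empty if clean)."""
    reasons = []
    if not rule.get("enabled", True):
        return reasons  # a disabled rule takes no action
    external = [a for a in rule.get("forward_to", []) if is_external(a)]
    if external:
        reasons.append("forwards to external address: " + ", ".join(external))
    hides = bool(rule.get("delete")) or (rule.get("move_to") or "").lower() in HIDING_FOLDERS
    if hides:
        terms = {t.lower() for t in rule.get("subject_contains", [])}
        if terms & WARNING_TERMS:
            reasons.append("deletes or hides messages that would warn the user of a compromise")
        else:
            reasons.append("deletes or hides incoming messages")
    return reasons


def triage(rules: list[dict]) -> dict[str, list[str]]:
    """Map each suspicious rule's name to the reasons it was flagged."""
    return {r["name"]: reasons for r in rules if (reasons := triage_rule(r))}


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RULES).items():
        print(f"FLAG {name!r}: {'; '.join(reasons)}")
```

Internal forwarding and disabled rules are left unflagged so that the output concentrates on rules that need a human decision; review the unflagged rules as well before declaring the mailbox clean.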
How to Protect Yourself and Your Company
The two best ways to protect your mailbox data are multifactor authentication (MFA) and user education. Vertikal6 cannot recommend implementing multifactor authentication strongly enough. In our opinion, and in that of the insurance companies, lawyers and forensic analysts we’ve spoken to in the last two weeks alone, MFA is the gold standard in preventing mailbox breaches. If you’ve used a website where you enter your username and password and then have to enter a one-time PIN that is texted to your phone, you have used MFA – and that’s the best way to protect your business email (and personal accounts). The cost of MFA is far outweighed by the many costs of a breach.
Secondly, user education is critical to the security of your business data. We implement a number of technical protections in all of our client environments, but end users will always represent the greatest risk to security.
Please reach out to us to set up some time to discuss MFA and end-user education options. We cannot stress strongly enough the prevalence of phishing and the importance of MFA and user education.