A while ago, SYS3 were contacted by a client on the wrong side of an enormously disruptive email hack. The hacker had been sat silently eavesdropping on a private conversation between our client and one of his customers, waiting to pounce.
Here’s the full story:
The customer, “Client A”, happened to go into his Deleted Items to retrieve an old email when he noticed a string of emails sent from his account without his knowledge. The emails were sent to a customer he had recently been chasing for payment of a large overdue invoice. Among these emails was a message informing them of his change of bank details. He contacted the customer to explain that he had been compromised and to ignore the emails that were ‘sent’ from his account but it was too late. The customer had paid the hacker believing he’d settled his invoice.
After a rapid password change, SYS3’s investigations uncovered a forwarder that was set up to an unknown email address, directing all email from Client A’s customer to go to the hacker rather than arriving in Client A’s inbox. A rule was also in place to automatically delete any email sent to Client A’s customer.
Who was at fault?
Client A had been hacked. He’d done something to be compromised and his customer was unknowingly corresponding with the hacker. Should he have to pay again? Client A was still owed the money and after many emails chasing for payment, a sudden bank change would seem a little suspect. Due to the large value of the invoice, was it not worth a phone call to check? Blame aside, the hack caused months of battling by Client A for his money and the same for his client to get his bank to return the original stolen funds.
How did it happen?
Hacks can happen in any number of ways. This one was likely caused by Client A unwittingly entering his email credentials into a website he believed to be the Office 365 Outlook Web App, inadvertently handing a hacker the keys to his inbox. The hacker then trawled for a juicy opportunity and sat silently for days, even weeks, before making his move. He saw the conversation surrounding the invoice heat up to the point where payment was imminent and he pounced. He was sure to keep up a conversation to avoid suspicion and set up a rule to put every email he sent into the Deleted Items to avoid it appearing in the more visited ‘Sent Items’ of Client A’s mailbox.
How can this be avoided?
It’s difficult and it can happen to the best of us. Client A was not completely unaware of the importance of email security. User training and diligence are essential and not difficult to implement when you have the right tools. SYS3 offer a number of services to help you and your staff stay as secure as possible.
The first thing you need to do is find out exactly how susceptible you are already.
What can SYS3 do to help?
Like many others, you’re naturally interested in how well your staff understand the importance of email security and the steps they take to keep your business secure. But how do you go about it?
SYS3 offer a service that will scan your entire email infrastructure to highlight any forwarders or mailbox rules that may be present. How does this help? The first thing hackers do is set up forwarding rules so they can monitor your mailbox.
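To show what a check for forwarders and mailbox rules looks for, here is an added example (not SYS3's tooling) that flags the two rule behaviours seen in Client A's mailbox. It assumes the rules have been exported to records whose keys mirror the Exchange Online `Get-InboxRule` properties; the domains, addresses and rule names are constructed.

```python
import re

# Assumption: each rule is a dict exported from the mail platform, with keys
# named after Get-InboxRule properties. All sample values are constructed.
OWN_DOMAINS = {"clienta.example"}            # hypothetical tenant domain
ADDR = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")
FORWARD_KEYS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo")
HIDING_FOLDERS = {"deleted items"}

SAMPLE_RULES = [
    {"Mailbox": "owner@clienta.example", "Name": ".",
     "From": ["buyer@customer.example"],
     "ForwardTo": ['"x" [SMTP:drop@mailbox.example]'], "DeleteMessage": True},
    {"Mailbox": "owner@clienta.example", "Name": "sent cleanup",
     "SentTo": ["buyer@customer.example"], "MoveToFolder": "Deleted Items"},
    {"Mailbox": "accounts@clienta.example", "Name": "Copy to bookkeeper",
     "ForwardTo": ['"Bookkeeper" [SMTP:books@clienta.example]']},
]

def external_targets(rule):
    """Return forward/redirect addresses whose domain is not one of ours."""
    found = []
    for key in FORWARD_KEYS:
        for entry in rule.get(key) or []:
            for match in ADDR.finditer(entry):
                if match.group(1).lower() not in OWN_DOMAINS:
                    found.append(match.group(0).lower())
    return found

def audit_rule(rule):
    """Return findings for one inbox rule; an empty list means nothing flagged."""
    findings = []
    ext = external_targets(rule)
    if ext:
        findings.append("forwards outside the organisation: " + ", ".join(ext))
    folder = (rule.get("MoveToFolder") or "").lower()
    hides = bool(rule.get("DeleteMessage")) or folder in HIDING_FOLDERS
    if hides:
        findings.append("deletes matching mail or files it in Deleted Items")
    if ext and hides:
        findings.append("HIGH: forwards and hides, as in the incident above")
    return findings

def audit_mailboxes(rules):
    """Map (mailbox, rule name) to findings, keeping only flagged rules."""
    report = {(r["Mailbox"], r["Name"]): audit_rule(r) for r in rules}
    return {key: found for key, found in report.items() if found}

if __name__ == "__main__":
    for (mailbox, name), found in audit_mailboxes(SAMPLE_RULES).items():
        print(f"{mailbox} rule {name!r}: " + "; ".join(found))
```

Forwarding configured on the mailbox itself, rather than through an inbox rule, needs the same external-domain check against its forwarding address.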
If you want a more in-depth live security scenario, we can also schedule a phishing test that sends a dummy scam email to all staff. This in turn provides you with a report on who did and did not fall prey to the ‘scam’. You might be one of the very lucky ones and need no user training at all!