Email security alert
In a recent case, an employee's Office365 account was compromised. A criminal gained access and set up an email-forwarding rule that invisibly, behind the scenes, forwarded a copy of every incoming email to an external address under the criminal's control.
More details follow below; please do read on. If you are concerned or would like more information, please contact us.
What to look out for
Be aware that, if one of your user accounts becomes compromised, it is not always immediately apparent. In the recent attack, the only change we discovered was that an automatic email-forwarding rule had been set up. The user's mailbox looked and behaved exactly as before, because each message was still delivered normally and only a copy went to the criminal. The criminals then used the information gained from these emails (supplier names, invoice details, the tone and timing of real correspondence) to launch highly credible phishing attacks on suppliers and customers of the unlucky victim.
How did this happen?
All too often, it is not possible to trace the origin of such a subtle breach of your defences, but the common weaknesses to look out for, and the steps we recommend, are:
weak or reused passwords – we recommend regular training for all your users on best practice in this area
unattended machines left logged in – advise all of your users to lock or log out of their machines whenever they step away
email fraud – it is easier than you think to fall for email fraud. If one of your users replies to an email and is innocently drawn into a conversation, that can be all the criminal needs: the exchange typically ends with a link to a fake login page, and the password entered there is what gives the criminal access to your system
Cyber Essentials certificate – consider getting the government-backed Cyber Essentials certification, to show that you are serious about your security and to better understand your organisation's cyber security
How can we help?
If any of the above triggers alarm bells for you, please contact us. We would be happy to run a check on your systems to look for suspicious activity.
We have, for this victim of cyber attack, set up an ongoing screening process from within Office365. This will tell us whenever a forwarding rule is applied to any email user within the business. There is no charge from us for this service, although it does require an additional Microsoft Office365-E1 user account for our use. This account would be charged at cost.
Alternatively, you have the option of disabling automatic forwarding of email to any address outside your organisation, which removes this technique entirely.
If you decide that you need additional security measures, we use, recommend and administer Mimecast email security, which can be tailored to your needs.
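As an added example, not part of this advisory and not Microsoft's own tooling, the following Exchange Online PowerShell script carries out the screen described above and then applies the forwarding block. It lists every inbox rule that forwards or redirects mail outside the business, every mailbox-level forwarding address, and the recent audit-log events that created or changed such rules, then switches automatic external forwarding off. It assumes the ExchangeOnlineManagement module is installed, the signed-in account holds an Exchange administrator role, and audit logging is enabled for the tenant; the domains in $InternalDomains are placeholders.

```powershell
# Added example (not from the original advisory): screen an Office365 tenant for
# hidden email forwarding, then disable automatic external forwarding.
# Assumptions: ExchangeOnlineManagement module installed, Exchange administrator role,
# audit logging enabled. $InternalDomains is a placeholder for your own domains.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -ShowBanner:$false

# Domains that belong to the business; anything else is treated as external (placeholder).
$InternalDomains = @('example.com', 'example.co.uk')

function Test-ExternalAddress {
    param([string]$Recipient)
    # Rule recipients look like '"Jane Doe" [SMTP:jane@example.org]'; the mailbox
    # property ForwardingSmtpAddress looks like 'smtp:jane@example.org'. Either way,
    # pull out the bare address and compare its domain with our own list.
    $address = if ($Recipient -match 'smtp:([^\]\s]+)') { $Matches[1] } else { $Recipient }
    $domain  = ($address -split '@')[-1].ToLowerInvariant()
    return ($InternalDomains -notcontains $domain)
}

function Get-ForwardingFindings {
    $mailboxes = Get-Mailbox -ResultSize Unlimited -RecipientTypeDetails UserMailbox
    foreach ($mbx in $mailboxes) {
        # 1. Inbox rules that forward or redirect mail: the technique used in the attack.
        foreach ($rule in Get-InboxRule -Mailbox $mbx.UserPrincipalName) {
            $targets  = @($rule.ForwardTo) + @($rule.ForwardAsAttachmentTo) + @($rule.RedirectTo)
            $external = @($targets | Where-Object { $_ -and (Test-ExternalAddress "$_") })
            if ($external.Count -gt 0) {
                [pscustomobject]@{
                    Mailbox = $mbx.UserPrincipalName
                    Source  = 'InboxRule'
                    Name    = $rule.Name
                    Enabled = $rule.Enabled
                    Targets = ($external -join '; ')
                    # Silent = the original is still delivered, so the user notices nothing.
                    Silent  = -not ($rule.DeleteMessage -or $rule.RedirectTo)
                }
            }
        }
        # 2. Mailbox-level forwarding set with Set-Mailbox rather than an inbox rule.
        $smtpForward = [string]$mbx.ForwardingSmtpAddress
        if ($smtpForward -and (Test-ExternalAddress $smtpForward)) {
            [pscustomobject]@{
                Mailbox = $mbx.UserPrincipalName
                Source  = 'MailboxForwarding'
                Name    = 'ForwardingSmtpAddress'
                Enabled = $true
                Targets = $smtpForward
                # The user keeps a copy only when DeliverToMailboxAndForward is set.
                Silent  = [bool]$mbx.DeliverToMailboxAndForward
            }
        }
    }
}

# Report every external forward found; an empty list is the healthy result.
$findings = @(Get-ForwardingFindings)
$findings | Format-Table -AutoSize

# 3. Who created or changed forwarding recently? Look back 30 days in the audit log.
#    UpdateInboxRules is the operation logged when Outlook desktop edits rules;
#    Set-Mailbox is logged for any property change, so keep only forwarding changes.
$since = (Get-Date).AddDays(-30)
Search-UnifiedAuditLog -StartDate $since -EndDate (Get-Date) -ResultSize 5000 `
    -Operations New-InboxRule, Set-InboxRule, UpdateInboxRules, Set-Mailbox |
    Where-Object { $_.Operations -ne 'Set-Mailbox' -or $_.AuditData -match 'Forwarding' } |
    Select-Object CreationDate, UserIds, Operations,
        @{ n = 'ClientIP'; e = { ($_.AuditData | ConvertFrom-Json).ClientIP } } |
    Sort-Object CreationDate -Descending |
    Format-Table -AutoSize

# 4. Prevention: reject automatically forwarded mail addressed outside the tenant.
#    Existing rules are not deleted by this, only rendered ineffective externally,
#    which is why the screen above still matters after the switch is thrown.
Set-HostedOutboundSpamFilterPolicy -Identity Default -AutoForwardingMode Off
```

Run the screening part on a schedule and alert on any non-empty result; the audit query also shows the source IP of whoever created a rule, which usually settles whether it was the user or an intruder. A rule with an internal target is not flagged here, so a criminal who forwards to another compromised internal mailbox would still need the audit-log review to be spotted.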
What to do, if attacked
If you think that one of your work accounts has been compromised:
First, contact us, so that we can find out what has really happened and contain it
Second, report this to Action Fraud. It is a crime. You have been attacked.
Third, you should report any breach involving personal data to the Information Commissioner's Office. Where the breach is likely to put individuals at risk, this must be done within 72 hours of becoming aware of it.
We take our role as an IT partner seriously, and aim to give you the best advice to keep you safe.