« Back to News

Email security alert

In a recent case, an employee’s Office365 account became compromised. A criminal gained access and set up an email-forwarding rule that invisibly, behind the scenes, forwarded every incoming email directly to the criminal’s own network.
More details follow below, please do read on. If you are concerned or would like more information, please contact us.


What to look out for

Be aware that, if one of your user accounts becomes compromised, it is not always immediately apparent. In a recent attack, the only change we discovered was that an automatic email-forwarding rule was set up. No difference was apparent to the user, but all incoming emails were forwarded to a criminal. The criminals used the information gained from these emails to launch highly credible-looking phishing attacks on suppliers and customers of the unlucky victim.

How did this happen?

All too often, it’s not possible to trace the origin of such a subtle breach of your defences, but common vulnerabilities to look out for are:

weak passwords – we recommend regular training for all your users about best-practise in these areas
never leave machines logged in – advise all of your users about logging out whenever machines are unattended
email fraud – it’s easier than you think to fall for email fraud. If one of your users replies to an email, innocently entering in to conversation, that can be all the criminal needs to gain access to your system
Cyber Essentials certificate – consider getting government certification to show that you’re serious about your security, and to better understand your organisation’s cyber security

How can we help?

If any of the above triggers alarm bells for you, please contact us. We would be happy to run a check on your systems to look for suspiscious activities.

We have, for this victim of cyber attack, set up an ongoing screening process from within Office365. This will tell us whenever a forward rule is applied to any email user within the business. There is no charge from us for this service, although it does require an additional Microsoft Office365-E1 user account for our use. This account would be charged at cost.

Alternatively, you have the option of disabling the ability for users to forward emails to any other account.
And, if you do decide that you need additional security measures – we use, recommend and administer Mimecast email security measures, which can be tailored to your needs.

What to do, if attacked

If you think that one of your work accounts has been compromised:

First, contact us, so that we can find out what has really happened
Second, report this to Action Fraud. It is a crime. You have been attacked.
Third, you should report any breach that compromises your data security to the Information Commissioner’s Office.

We take our role as an IT partner seriously, and aim to give you the best advice to keep you safe.

Email security alert

June 26, 2018

In a recent case, an employee’s Office365 account became compromised. A criminal gained access and set up an email-forwarding rule that invisibly, behind the scenes, forwarded every incoming email directly to the criminal’s own network. More details follow below, please do read on. If you are concerned or would like more information, please contact us.…

Read more…

Music and Message on Hold service

February 22, 2018

Here at SITOC, we don’t just install phone systems. Through a carefully selected partner company, we also offer a high quality, highly affordable music on hold service. Follow the link below to listen to the music and hear the voices available. Get started > This could help you: Maximise inbound sales leads     –…

Read more…

Case study: E-Resourcing Ltd’s new phone system

January 8, 2018

E-Resourcing move to a hosted phone system You don’t have to be a big company, or have complex telephony needs, to get instant benefits from cloud-based phones E-Resourcing Ltd is an award-winning IT recruitment specialist, providing contract and permanent solutions across UK and Europe. Cloud-phones Kevin Thorn, Director at E-Resourcing, says, “We’re a straight-forward business,…

Read more…

Top three reasons why it is time to upgrade from Windows 7 to Windows 10

November 6, 2017

1   Spread your costs ahead of Microsoft’s end of support 2   Unlock the benefits of BitLocker for better security 3   Get ready for the new GDPR regulations 1.     Financial planning We already know that Microsoft terminated mainline support for Windows 7 in 2015; and extended support will end in 2020.…

Read more…

Understand your technological debt

September 19, 2017

Putting a price to your technological debt can transform your ability to future-proof your business. There’s a concept in software development that is spilling over in to business management: helping us all to better understand and plan our wider IT development. ‘Technical debt’ is a well-known term in the development community. It means that you’ve…

Read more…

Latest news

  • Email security alert

    In a recent case, an employee’s Office365 account became compromised. A criminal gained access and set up an email-forwarding rule that invisibly, behind the scenes, forwarded every incoming email directly to the criminal’s own network. More details follow below, please do read on. If you are concerned or would like more information, please contact us.…

    read more >
  • Music and Message on Hold service

    Here at SITOC, we don’t just install phone systems. Through a carefully selected partner company, we also offer a high quality, highly affordable music on hold service. Follow the link below to listen to the music and hear the voices available. Get started > This could help you: Maximise inbound sales leads     –…

    read more >
  • Case study: E-Resourcing Ltd’s new phone system

    E-Resourcing move to a hosted phone system You don’t have to be a big company, or have complex telephony needs, to get instant benefits from cloud-based phones E-Resourcing Ltd is an award-winning IT recruitment specialist, providing contract and permanent solutions across UK and Europe. Cloud-phones Kevin Thorn, Director at E-Resourcing, says, “We’re a straight-forward business,…

    read more >
View all news >