The Battleground:  

A worldwide humanitarian non-profit organization. 

The Presumption:  

Having employees trained on how to spot and report suspicious emails to prevent disastrous consequences such as scamming and ransomware. 

The Discovery:  

Unbeknownst to the IT Team of this organization of over 4,000 employees spread out over the globe, this organization had fallen victim to a successful OWA (Microsoft Outlook on the Web) Phishing attack. Phishing attacks are used to try to get a user’s login credentials, often by using a login portal that looks legitimate but sends the attackers a person’s username and password when a person falls for the attack and enters his or her credentials. The attackers had already established their presence in the client’s environment before the client reached out to us for assistance to remediate the issue. It was unknown how long the attackers were in the environment observing email activity until they finally found what they were looking for. After patiently waiting, the attackers now had access to Accounts Receivable emails. What started happening was that when AR would send out an invoice, the attackers would intercept that email and change the payment information and redirect the payments to their own account. It is unknown how long this event was going on and unknown how much money was stolen. 

Our Solution:  

Force a companywide password change, and enroll all employees in MFA (Multi-Factor Authentication) 

Lessons Learned:  

Stress the importance of security awareness to employees. Provide mandatory training and resources regarding how to spot phishing attempts to keep the companies information safe.