On October 30, 2017, an individual located in Africa gained unauthorized access to the email account of the Organization?s Co-CEO. Forensic analysis of the email account showed that the individual accessed the email account three separate times on the morning of October 30, 2017. The purpose of the unauthorized access was to plant an email chain which included fake correspondence and a request for a wire transfer of funds to a bank in Hong Kong. The email chain was then forwarded from the email account to the Organization?s CFO. The recipient immediately recognized the email as suspicious and notified IT staff who determined the email originated from an IP address in Africa. The password for the compromised account was immediately changed, thwarting another attempted unauthorized sign-in. The email account was quarantined on November 1, 2017, and forensic analysis confirmed that the email in the account was never independently saved or downloaded, but that emails viewed included the personal information at issue.
P2017-ND-166
File Type:
pdf
File Size:
334 KB
Categories:
2017