P2018-ND-070

On April 19, 2018, the Organization was made aware that the email address used by an employee of two mutual fund representatives was compromised by malware and emails exchanged with 22 individuals (18 client accounts) were redirected to two unknown email addresses. The representatives discovered the incident on April 6, 2018 when an owner of the company was informed that an employee was not receiving emails on her desktop and on her Office 365 account. That same day, an investigation was conducted and the unknown email address was identified. The cause of the incident remains unclear; it is suspected that the employee clicked on a phishing email with a malicious link or attachment, or on a malicious link within a Google Chrome browser window. The emails were redirected between March 26, 2018 and April 6, 2018.

File Type: pdf
File Size: 343 KB
Categories: 2018