P2019-ND-063

On July 4, 2016, the Organization realized an employee?s email account had been breached, resulting in a phishing email sent to email addresses in the employee?s Outlook contacts. In addition a rule was set up in the Outlook account, which redirected all incoming emails to the deleted items folder. The incident is believed to have resulted when the employee clicked on a phishing email on November 20, 2015. As a result, the Organization suspects the intrusion was unnoticed for 7 months. The incident was discovered when the employee received a telephone call from one of the recipients of the phishing email sent from the compromised account.

File Type: pdf
File Size: 529 KB
Categories: 2019