P2019-ND-163

The Organization learned that on February 27, 2019, one of its employee email accounts was accessed by an unauthorized individual and used to send phishing emails from the account. The incident affected one email account, which was accessed for approximately five hours on February 27, 2019. No other employee accounts were affected. The cause of the incident was determined to be a phishing email that had been sent to the employee from a known and trusted business partner whose system had been apparently exploited by an unauthorized individual. Once the unauthorized individual gained access to the employee’s account, they changed the employee’s email configuration to conceal their activity, synchronized the employee’s email with a remote computer, and used the employee’s email account to send the above-mentioned phishing emails to contacts in the employee’s address book. The incident was identified when the unauthorized individual sent the phishing email from the employee’s account.

File Type: pdf
File Size: 605 KB
Categories: 2019