On July 6, 2020, the Organization received a phishing email that appeared to be from its email and website provider. The email identified that the Organization’s credit card payment did not go through because the card may have changed or expired. The credit card had in fact recently expired. The email requested the Organization update its credit card information. The Organization provided the new credit card and login information but did not realize password information was also disclosed. On July 8, 2020, a third party attempted to login to the Organization’s account using the correct password (obtained from the phishing scam) but the attempt was blocked by IT security. Also on July 8, 2020, a third party successfully changed the email password. The Organization changed its email password again and added 2-Step verification to secure its account.
P2021-ND-108
File Type:
pdf
File Size:
606 KB
Categories:
2021