During the afternoon of March 24, 2017, a phishing email was sent from an executive email account to an executive assistant requesting payment of a fraudulent invoice of $42,950.00 to the perpetrator. The attacker actively managed the attack through engaging the assistant in discussion regarding the payment. The executive account was compromised to perpetrate the attack. All systems and data accessible by the executive were potentially accessible to the attacker. To date no evidence has been found of any data compromise, and the attacker’s motivation may have been limited to a fraudulent invoice payment.

File Type: pdf
File Size: 330 KB
Categories: 2017