P2018-ND-090

On March 6, 2018, an employee in the Organization?s Toronto office received a phishing email from a known and trusted business partner whose system had been exploited by an outside party. The phishing email convinced the employee to provide his email login credentials, which resulted in the outside party gaining unauthorized access to the employee’s email account. The outside party used access to the employee’s email account to send phishing emails to the contacts in the employee’s address book. During the period the outside party had access to the employee’s email account, they had the ability to access the emails in the employee’s email account which consisted of correspondence with business partners and business customers. Further investigation subsequently uncovered mail forwarding rules in the employee’s email account on March 12. The Organization has not found any evidence that the outside party reviewed, read, or downloaded emails from the compromised email account. The Organization became aware of the issue on March 7, 2018 when the employee started to receive emails from his contacts asking if he had sent the unauthorized emails.

File Type: pdf
File Size: 343 KB
Categories: 2018