On October 23, 2017, a user at the Organization?s Head Office received a malicious phishing email from a trading partner correspondent. The Organization understands that the trading partner was tricked into disclosing his email credentials and many or all of his contacts were then sent a copy of a malicious email. The user who received the email also disclosed their credentials to the sender of the phishing email. Subsequently, one more user with the Organization also entered their credentials. On October 25, 2017, the Organization?s IT department was notified when emails started being issued from the two impacted users to people in their contact lists. On October 26, 2017, the Organization identified the recipients of the malicious email and sent them a warning.
P2018-ND-091
File Type:
pdf
File Size:
333 KB
Categories:
2018