P2019-ND-099

On February 7, 2019, the Organization discovered that an Advisor’s online account credentials had been compromised, resulting in unauthorized access to their email account. As a result, phishing emails (which appeared to come from the Advisor) were sent to 8 Alberta residents. The emails included links which ultimately, requested the recipient to enter their email credentials. The unauthorized user may have been able to access the contents of the Advisor’s email account. The email account contained information dating back to April 18, 2018. A third party forensic audit determined that the Advisor received a phishing email containing a malicious URL link in December 2018, and the user had accessed the link in December 2018. No malware or software of any kind was uploaded to the desktop that was used to access the suspicious link. No further activity was identified on the account until early February 2019, when the phishing emails were sent. The incident was discovered when an individual who had received the phishing email informed the Organization.

File Type: pdf
File Size: 557 KB
Categories: 2019