On January 7, 2021, an employee of a service provider to the Organization received a phishing email, prompting her to enter account credentials. On January 11, 2021, an unauthorized third party used the credentials to log into the employee’s email account, and send approximately 1,500 phishing emails. The employee notified the service provider?s IT team who took action to contain the breach. Also on January 11, 2021, emails began transmitting from the service provider’s email address advising recipients of an investment scheme opportunity. Recipients of these emails were asked to click on a linked attachment and enter their information. The service provider became aware of the issue when it began receiving calls asking if the emails were legitimate. Upon learning about the emails, the service provider’s IT team took actions to contain the breach.
P2021-ND-148
File Type:
pdf
File Size:
630 KB
Categories:
2021