Office 365 Business Email Compromise Investigation Leads to Stronger Security


Client problem

A supervisor at a financial services company received an email request from a business associate. Despite recognizing the request was somewhat out of character, she clicked on a link in the email. Four days later, she discovered her computer was sending out a vast number of emails. Worse yet, the supervisor routinely works with sensitive personally identifying and financial information, and often communicates this information to other financial institutions.

In the meantime, the employee’s manager received a call from one of the company’s major clients saying they had received a strange email from this employee and it could be malicious. The manager immediately called her company’s data security hotline. After some initial investigation, the company’s external counsel was contacted to assist with a possible business email account compromise.

How Kroll resolved the problem
  • Upon being engaged by the client’s counsel, a Kroll forensics specialist immediately began analyzing the supervisor’s account remotely. 
  • Kroll confirmed the account had suffered unauthorized access for approximately four days, and that the attacker had relocated emails of interest to a benign subfolder of the supervisor’s email account – the “RSS feeds” folder. 
  • Kroll then reviewed the attacker’s actions and identified search terms including W2, invoice, ACH, wire transfer, and payment, which pointed to the likely motivation of the unauthorized actor(s).
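
As an added illustration (not Kroll's tooling and not code from the original page), the sketch below triages mailbox activity for the two behaviours described above: mail moved into the "RSS Feeds" folder and searches for the listed financial terms. The event schema, field names and sample records are constructed for the example and do not correspond to a real Office 365 export format.

```python
import re
from datetime import datetime

# Search terms reported in the case study; \b avoids hits such as "ach" in "attachment".
TERMS = re.compile(r"\b(w-?2|invoice|ach|wire transfer|payment)\b", re.I)
# Folder named in the case study; extend with other rarely opened folders as needed.
HIDING_FOLDERS = {"rss feeds"}

# Constructed sample events in a simplified, hypothetical schema (not a real export format).
EVENTS = [
    {"time": "2019-01-07T09:12:00", "op": "Search", "query": "Q4 attachment list"},
    {"time": "2019-01-07T22:41:00", "op": "Search", "query": "ACH wire transfer"},
    {"time": "2019-01-08T02:03:00", "op": "Move", "folder": "RSS Feeds", "subject": "RE: Invoice 1042"},
    {"time": "2019-01-09T03:15:00", "op": "Search", "query": "w2"},
    {"time": "2019-01-10T10:30:00", "op": "Move", "folder": "Clients/2019", "subject": "Meeting notes"},
    {"time": "2019-01-11T01:50:00", "op": "Move", "folder": "RSS Feeds", "subject": "Payment confirmation"},
]

def triage(events):
    """Return (findings, window): flagged events and the span between first and last."""
    findings = []
    for ev in events:
        if ev["op"] == "Search":
            # Collect the distinct financial terms present in the search query.
            hits = sorted({m.lower() for m in TERMS.findall(ev.get("query", ""))})
            if hits:
                findings.append((ev["time"], "financial-search", ", ".join(hits)))
        elif ev["op"] == "Move" and ev.get("folder", "").strip().lower() in HIDING_FOLDERS:
            findings.append((ev["time"], "moved-to-hiding-folder", ev.get("subject", "")))
    findings.sort()  # ISO 8601 timestamps sort chronologically as strings
    if not findings:
        return findings, None
    first = datetime.fromisoformat(findings[0][0])
    last = datetime.fromisoformat(findings[-1][0])
    return findings, last - first

if __name__ == "__main__":
    found, window = triage(EVENTS)
    for when, kind, detail in found:
        print(when, kind, detail)
    print("suspicious activity window:", window)
```

The span between the first and last flagged event gives a starting estimate of the access window, to be confirmed against sign-in records.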

Delivering results
  • Kroll remediated the immediate threat and worked with the client to restore the supervisor’s account to a clean state.
  • When the cyber insurance provider who covered this event subsequently notified the manager of an increase in premiums and deductible, the manager launched an intensive employee awareness and training program and sought Kroll’s help to strengthen their systems.
  • They asked Kroll to test the program’s effectiveness by conducting a controlled phishing campaign.
  • The client was able to negotiate a new policy for more coverage at less cost.  

Don’t wait until a crisis. Kroll can help you better safeguard your data and strengthen your O365 environment today. Learn more here.

 

 
Published: 2019-02-13
