It’s most common to hear stories about businesses falling victim to a cyberattack and the devastating aftermath involved. This is a different type of story. It’s a detailed account of how a proactive cybersecurity solution, email SPAM filtering, saved the day for one of our clients targeted by an email phishing attack. Here are the details of how it all worked.

Hacked email at a vendor: A hacker breached the email account of one employee at a vendor of our client (our client’s own email was not breached). We’ll refer to this vendor employee as Employee A. The hacker read through many different emails in Employee A’s account and determined which contacts would be the most valuable to target.

Hacker studied emails looking for his victims: Then, the hacker took time to carefully craft emails to the Employee A contacts that would be the most lucrative. This list included one of our client’s employees; we’ll refer to this person as Employee B. It’s important to realize that Employee A and Employee B have a long-standing history of working together and corresponding mostly by email about important matters regarding finances and employee data.

Hacker carefully writes a phishing email: With a simple search of Employee A’s compromised vendor email account, the hacker knows the language and topics commonly emailed between vendor Employee A and our client’s Employee B. Since the hacker has access to the complete email history between these two individuals, writing a convincing email is very easy. The only real difference between a legitimate email and the hacker’s version is one link: the hacker replaces a single link within an email from Employee A to Employee B with a malicious one. The goal of the hacker’s email to Employee B is to convince Employee B to click on the malicious link, thereby infecting Employee B’s computer.

Target is tricked by phishing email: Because the hacker has control of Employee A’s mailbox on an otherwise legitimate, trusted and spam-free email domain, the hacker’s email passes the initial spam filter tests for legitimacy and is delivered. Employee B received the fake phishing email sent by the hacker and, because of her relationship with the now-hacked Employee A, clicked on the malicious link. Why not, right? There were no red flags for Employee B. Employee A is a trusted and known person who sends regular emails, and this most recent email was seemingly just another typical business email. This is exactly what makes this type of email so incredibly dangerous!

Target clicks on link in phishing email: Employee B clicked the link in the email. Here’s the message Employee B saw on her screen after clicking the malicious link.

SPAM email filter catches malicious link, disaster avoided: Employee B called us because she thought there was a problem and she needed to get the information in the email from Employee A. We quickly looked into her problem and were surprised by what we found. We realized that the email sent to Employee B at our client’s office, and the link within it, was a highly targeted phishing attempt. Then we celebrated when we realized that our email SPAM filter had worked exactly as designed: the message itself was delivered because it came from a trusted sender, but the link was checked when it was clicked, and the click was blocked.
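The two filter behaviours described above (the message from a trusted vendor mailbox passes delivery-time sender checks, yet the malicious link is stopped when it is clicked) can be modelled as a small click-time link protection. The following is an added example written for this article, not the filter product the client uses, and every address, domain, history entry and blocklist entry in it is constructed for illustration. It rewrites every link at delivery time so that clicks route through a gateway, and at click time it blocks links to blocklisted domains and holds links to domains the sender has never linked to before, which is the signal a replaced link in otherwise familiar correspondence gives off.

```python
"""Added example (not the original post's code): delivery-time link rewriting
plus click-time checks, modelling how a SPAM filter can stop a malicious link
in a message that legitimately came from a trusted but compromised mailbox.
All addresses, domains and history below are constructed for this example."""
import re
from typing import List, Tuple
from urllib.parse import quote, unquote, urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

# Constructed history: domains Employee A's past legitimate emails linked to.
SENDER_LINK_HISTORY = {
    "employee.a@vendor.example": {"portal.vendor.example", "vendor.example"},
}
# Constructed blocklist, standing in for a threat-intelligence feed.
BLOCKLIST = {"vendor-secure-docs.example"}

# Hypothetical click-protection gateway the rewritten links point at.
GATEWAY = "https://safelinks.gateway.example/click?u="


def _strip_trail(url: str) -> Tuple[str, str]:
    """Separate sentence punctuation that the regex swallowed after a URL."""
    trail = ""
    while url and url[-1] in ".,;)":
        trail = url[-1] + trail
        url = url[:-1]
    return url, trail


def extract_links(body: str) -> List[str]:
    """Return the URLs in a message body, without trailing punctuation."""
    return [_strip_trail(m)[0] for m in URL_RE.findall(body)]


def rewrite_links(body: str) -> str:
    """Delivery-time step: wrap every URL so a click first hits the gateway.
    The message is still delivered; only the links change."""
    def _wrap(m: "re.Match") -> str:
        url, trail = _strip_trail(m.group(0))
        return GATEWAY + quote(url, safe="") + trail
    return URL_RE.sub(_wrap, body)


def check_click(sender: str, wrapped_url: str) -> Tuple[bool, str]:
    """Click-time step: unwrap the link and decide whether to allow it.
    Returns (allowed, reason_or_original_url)."""
    if not wrapped_url.startswith(GATEWAY):
        return False, "not a gateway link"
    original = unquote(wrapped_url[len(GATEWAY):])
    host = urlparse(original).hostname or ""
    if host in BLOCKLIST:
        return False, f"blocked: {host} is on the blocklist"
    known_hosts = SENDER_LINK_HISTORY.get(sender, set())
    if host not in known_hosts:
        # A trusted correspondent suddenly linking somewhere new is the
        # tell-tale of a replaced link; hold it for review instead of allowing.
        return False, f"held: {sender} has never linked to {host} before"
    return True, original


def deliver_and_click(sender: str, body: str) -> List[Tuple[bool, str]]:
    """Run a message through delivery-time rewriting, then simulate the
    recipient clicking every link, returning one verdict per link."""
    wrapped_body = rewrite_links(body)
    return [check_click(sender, link) for link in extract_links(wrapped_body)]


if __name__ == "__main__":
    SENDER = "employee.a@vendor.example"
    # Constructed messages: the genuine one and the hacker's copy, which
    # differ only in the link, exactly as in the story.
    legit = "Hi B, the Q1 payroll export is ready: https://portal.vendor.example/payroll/q1. Thanks, A"
    phish = "Hi B, the Q1 payroll export is ready: https://vendor-secure-docs.example/payroll/q1. Thanks, A"
    for label, body in (("legit", legit), ("phish", phish)):
        for allowed, detail in deliver_and_click(SENDER, body):
            print(f"{label}: allowed={allowed} {detail}")
```

Both messages are delivered, which matches what happened to Employee B; the difference only shows at click time, where the genuine link is allowed and the replaced one is blocked. The per-sender link history is the part worth keeping in mind: a blocklist only catches domains already known to be bad, while a "never seen from this sender" check catches a freshly registered look-alike domain the first time it appears.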

Hacking activities discovered: We advised Employee B that this was in fact a fake phishing email and that the link was malicious. A short while later, Employee B received a call from the vendor, and Employee A stated that her email account had been hacked. The hacker had been sending out fake phishing emails for at least a few hours, including the one sent to Employee B at our client’s office.

Here’s what could’ve happened: Luckily for our client, we do have a number of other security layers in place which are designed to stop these types of infections. Normally, the combination of these other layers is highly effective, and the client’s attempt to click on the malicious email link would likely have been blocked by their firewall, DNS filter or our advanced endpoint protection platform. However, cybersecurity is a cat and mouse game of sorts. Hackers just need to find one way to get their foot in the door, and if they do, it can be game over for the hacker’s victim.

For a company that is not properly protected (unlike our client), this situation would likely have ended very badly. They could have been compromised with ransomware that locked their entire computer or company network. They could have had banking credentials stolen, which could lead to tens or hundreds of thousands of dollars being siphoned from their business bank accounts. If they were in the healthcare industry, they could have had patient data stolen and been subject to significant government fines. These are just a sampling of what could have happened if a client was not using the types of security measures that we recommend.

If you are not confident that your business or organization is secure from cyber thieves, contact us for a free security assessment.