Alerts to a potential phishing attempt by our monitoring systems highlighted two emails that were being sent from an internal email address at our customer’s office to hundreds of recipience.

Both emails contained the same phishing link which prompted users to enter their email address to download a document, followed by a convincing credentials phishing page.

Our investigations showed that the compromised account showed suspicious sign-ins from multiple locations, indicating unauthorised access.

We recommended that our customer implement a training solution to help staff learn about phishing campaigns, as well as implementing geo-based conditional access policies, deploying a SIEM solution to monitor and alert on suspicious activities and conducting monthly phishing simulations to improve user awareness and response.

Following on from this attack, out team monitored another set of suspicious phishing emails, this was investigated and the customer confirmed they had run a test internally to assist with training staff on phishing emails.

Employee training is key to preventing these phishing attempts from being successful. As a managed cybersecurity provider, we provide learning and simulation services to train staff to be on the lookout for even the most sophisticated social engineering attempts, as well as managed cyber services such as phishing defence, threat management and incident response.