Background

We have a client who we provide a base-level service to. We are responsible for ensuring their desktops are operational and their employees have the capability to log in to their emails, with all other services being provided by another agency.

What Happened

Recently, we received a call from one of their employees stating that their emails had stopped working. After some initial investigation it was discovered that Microsoft had blocked their account due to the fact that it had hit the threshold for emails being auto-forwarded.

This piqued the interest of our security analyst, who investigated further and discovered that emails were being forwarded from the O365 account to a Gmail account since 15 July. After discussing with the client, this email address was not known to them. Our analyst then disabled the rule within their email account and examined their emails for anything suspicious that may have arrived around the date the rule was first created. This is when our analyst discovered this little gem:

As you can see, the email preys on the complacency of users by telling them they can bypass password change requirements by clicking on the link and logging in. This [...]
About Gareth Peak