News & Blog

How Email Archiving Can Help in an Email Attack

The Threat of an Email Attack  The Threat of email attacks has never been greater, preventing an email attack and minimising its

Posted on 15 April 2020

The Threat of an Email Attack 

The Threat of email attacks has never been greater, preventing an email attack and minimising its damage is top of the agenda for IT and Security departments across the globe. 

Hackers attack emails for one simple reason, it is the communications technology that is most widely used by employees. Especially in the current climate, which includes remote working and employees with more access points to their email, phone, tablet, desktop etc.  Increased access to email can also mean that employees are opening emails outside of working hours. They are more likely to be easily duped and inattentive when it comes to security. The latest email attack methods can cost a company millions in lost revenue, legal fees and lost business opportunity.  

Waterford Technologies combines, cloud email archiving, eDiscovery and compliance, supported by a team of data management consultants to provide a solution that reduces the cost and complexity of keeping email safe and available. Our team of experts combined with easy-to-use tools reduce the burden on IT administrators while transforming email management throughout the organisation. We have helped many clients set up controls and compliance plans to prevent an email attack as well as working with them to minimise the damage of an attack. 

Let’s look at an example: 

The Incident:

In recent months, one of our clients chased a customer for late payment, only to be told that the payment had already been made. A quick search of our client’s books and bank records confirmed that the payment had not in fact been received. Engaging with their customer, our client learned that they had received an email from them with updated bank details. A common enough scam, unfortunately, their customer acted upon it.

We understand that it is scarily easy to impersonate an email address and make an email look like it came from someone else. Investigating this email hack with their customer however they could see that all details of the email reflected the look, feel and tone of the emails they normally send. It was like somebody was able to read their messages.

How MailMeter can help in a real-world incident

  1. Using MailMeter, our client was instantly able to search their past history.
  2. They were able to confirm that the bogus email did originate from one of their mailboxes.
  3. Passwords were immediately changed and other remedial measures were put in place.
  4. They were separately able to confirm that an unauthorized user had indeed gained access to the mailbox, sent the email in question, deleted the message from sent items, emptied it from trash etc and made attempts to conceal the activity so that it would not be apparent to the casual observer.
  5. With MailMeter they were then able to search for any other occurrences, immediately searching back over a couple of years. All of this was done in a small number of minutes and the scale and scope of the issue rapidly identified. Once you know what you’re dealing with, you can take the appropriate actions.

Lessons

  • Well-known mailbox names are always susceptible to an email hack (Sales@, Finance@ etc).
  • Password strength was insufficient, a poorly chosen password aids these types of attacks.
  • 2 Factor authentication is a must on your email.
  • Once an incident has happened, it is essential to have the tools available to properly diagnose the cause, scope and appropriate remedial actions.
  • A little forward planning saved a lot of time, money and reputational damage

Forward Planning

Setting up a compliance plan for the finance department in MailMeter with rules that are orientated towards financial transactions, would mean that a situation like this could have been detected before the user fell victim to a scam like this. For example, monitor all messages being sent from Finance email addresses for terms related to changes in banking information.  The manager of the Finance team could then review these emails in a timely fashion to catch changes like these. 

In Conclusion:

Without a comprehensive, searchable archive such as MailMeter in place our client would have been quite disadvantaged, relying on guesswork and conjecture for a lot of the incident response. Moving forward in addition to an increase in edge security our client will be using MailMeter to pro-actively monitor their email systems using the compliance module so that they can be in front of this type of email hack should it happen again.

Want to find out more; contact us today to discuss this further.

Talk to our team of Experts
Pop up announcing the rebrand of Waterford Technologies to ComplyKEY. The call to action is to direct visitors to the new website ComplyKEY.com

[zcwp id = 1]