How MailMeter can help in an email hack

The Incident:

Back in October 2018, one of our clients chased a customer for a late payment, only to be told that the payment had already been made. A quick search of our client's books and bank records confirmed that the payment had not in fact been received. Engaging with their customer, our client learned that the customer had received an email, apparently from our client, with updated bank details. It is a common enough scam; unfortunately, their customer acted upon it.

We understand that it is scarily easy to impersonate an email address and make an email look like it came from someone else. Investigating this email hack with their customer, however, our client could see that every detail of the email reflected the look, feel and tone of the emails they normally send. It was as if somebody had been able to read their messages.

 

How MailMeter can help in a real-world incident:

  1. Using MailMeter, our client was instantly able to search their past email history.
  2. They were able to confirm that the bogus email did originate from one of their mailboxes.
  3. Passwords were immediately changed and other remedial measures were put in place.
  4. They were separately able to confirm that an unauthorized user had indeed gained access to the mailbox, sent the email in question, deleted the message from sent items, emptied it from trash, etc., and made attempts to conceal the activity so that it would not be apparent to the casual observer.
  5. With MailMeter they were then able to search for any other occurrences, immediately searching back over a couple of years. All of this was done in a few minutes, and the scale and scope of the issue were rapidly identified. Once you know what you're dealing with, you can take the appropriate actions.
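
The check in steps 2, 4 and 5 can be sketched as follows. This is an added example, not MailMeter's own code: it assumes the archive can export raw RFC 5322 messages and that the Message-IDs still present in the mailbox's Sent Items are available; the function names, keyword list and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Wording typical of a payment-redirection request (assumed list; tune it locally).
BANK_CHANGE = re.compile(
    r"\b(new|updated|changed?)\s+(bank|account|payment)\s+details\b|\bIBAN\b",
    re.IGNORECASE)

def body_text(msg):
    """Concatenate the text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    return "\n".join(p.get_payload() for p in parts
                     if p.get_content_type() == "text/plain")

def find_concealed_sends(archived_raw, sent_folder_ids, own_domain):
    """Flag archived outbound mail that is gone from Sent Items and/or
    asks the recipient to change payment details. Strongest leads first."""
    findings = []
    for raw in archived_raw:
        msg = message_from_string(raw)
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if not sender.endswith("@" + own_domain.lower()):
            continue  # only mail sent from our own mailboxes
        msg_id = (msg.get("Message-ID") or "").strip()
        reasons = []
        if msg_id not in sent_folder_ids:
            reasons.append("missing-from-sent-items")
        if BANK_CHANGE.search(msg.get("Subject", "") + "\n" + body_text(msg)):
            reasons.append("bank-detail-change-wording")
        if reasons:
            findings.append({"id": msg_id, "from": sender, "reasons": reasons})
    return sorted(findings, key=lambda f: -len(f["reasons"]))

# Constructed sample data: archive copies and the Message-IDs still in Sent Items.
def _mail(frm, subj, mid, body):
    return f"From: {frm}\nSubject: {subj}\nMessage-ID: {mid}\n\n{body}\n"

SAMPLE_ARCHIVE = [
    _mail("Accounts <accounts@example.com>", "Invoice 1001", "<a1@example.com>",
          "Please find invoice 1001 attached."),
    _mail("Accounts <accounts@example.com>", "Re: Invoice 1001", "<a2@example.com>",
          "Please note our updated bank details for future payments."),
    _mail("buyer@customer.example", "Re: Invoice 1001", "<c1@customer.example>",
          "Thanks, we will pay this week."),
    _mail("Accounts <accounts@example.com>", "Lunch", "<a3@example.com>",
          "See you at one."),
]
SAMPLE_SENT_IDS = {"<a1@example.com>"}
```

A message carrying both reasons is the strongest lead; one that is only missing from Sent Items may simply be routine housekeeping by the mailbox owner and needs a human look.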

 

Some lessons:

  • Well-known mailbox names are always susceptible to an email hack ([email protected], [email protected] etc.).
  • Password strength was insufficient; a poorly chosen password aids these types of attacks.
  • Two-factor authentication is a must on your email.
  • Once an incident has happened, it is essential to have the tools available to properly diagnose the cause, scope and appropriate remedial actions.
  • A little forward planning saved a lot of time, money and reputational damage.

 

In Conclusion:

Without a comprehensive, searchable archive such as MailMeter in place, our client would have been at a considerable disadvantage, relying on guesswork and conjecture for much of the incident response. Moving forward, in addition to an increase in edge security, our client will be using MailMeter to proactively monitor their email systems so that they can get in front of this type of email hack should it happen again.

 

Want to find out more? Contact us today to discuss this further.