We recently heard from a local Financial Director who’d had their Office 365 email compromised. This allowed an unscrupulous cybercriminal to send over 10,000 emails from their account within one hour!!!
Contacts within the FDs email account included everyone who had ever interacted with his email, including customers, prospects, suppliers and staff; ALL of these people received a fraudulent email from him.
Imagine the damage that this incident has caused. Not only has the FD had to pick up the pieces from the fraudulent email, rectifying issues that his contacts now face, but his reputation has been severely damaged. That’s not to mention the time that he has had to spend sorting out the mess that’s been caused.
But, how did it happen within a secure Microsoft 365 mailbox?
Surely security should have been in place to stop hackers from reaching the mailbox? Well, the answer is that hackers didn’t get into the mailbox – the FD let the cybercriminals in all on his own. The necessary security was in place but unfortunately the Password Policy and Multi Factor Authentication were not.
Without the right policies and procedures in place, it’s really not that difficult for the criminally minded to compromise an email account; all they need to do is find your password and let themselves in.
At some point the FD will have entered his password somewhere he shouldn’t have, probably through what’s known as a ‘phishing’ email. In other words, he has been sent a fraudulent, yet genuine looking, email which has included a website link that has asked for his password. He’s innocently keyed in said password and voila – the criminals have it!
Once in their grubby mitts not only can the criminal use the password themselves but they’re also in the position to sell it on via the Dark Web. Imagine the consequences if the password is not just in place for the email account but also other online accounts be that banking, shopping, social accounts, memberships, etc…
How can email accounts be secured?
Obviously, it’s vital to have a secure account, such as Microsoft 365 Enhanced Security, but the buck doesn’t stop here. Proactively creating and maintaining a Password Policy within your organisation is essential, and ensuring that the policy is well-known and maintained is vital.
Multi Factor Authentication (MFA) adds an additional layer of security, ensuring that another method of identification is used alongside the password. This can include displaying knowledge that only the user can know, the user being in possession of a particular piece of hardware or the use of inherent factors such as a fingerprint.
FIND OUT HOW YOU CAN SECURE YOUR EMAIL!
IS YOUR PASSWORD ON THE DARK WEB?
Ask us for your FREE DARK WEB REPORT