If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680
Alpha Comply Login »

Business Email Compromise Case

Type of Attack: Business Email Compromise (BEC)

Industry: Construction

Company Size: 120 employees

computer components with hexagons and a locks over a red hexagon in the center

Attack Details

The President of the company began to notice some irregularities with his emails. Specifically, clients and customers would mention they had emailed him, but he hadn’t received the emails. These messages often dealt with company finances, making it a serious matter. The CEO reached out to his Managed Service Provider (MSP) to investigate. The MSP found some suspicious email forwarding rules and removed them.

However, about a month later, the CFO received a phone call from a customer saying she tried to wire money to the company, but it didn’t go through. The CFO wasn’t expecting payment until the following week. The customer received an email from the President asking the money to be wired that day but supplied different wiring instructions. The customer tried to wire the funds, but the transfer failed, which prompted the CFO from the sending company to contact the construction company. It turns out there were other email forwarding rules still in play that were well-disguised to look like standard directories. They can (and were) missed by the MSP a month prior. The attacker would have gotten a hold of $100,000 had the wiring instructions not contained an error.

What We Did

We identified all of the forwarding rules the attackers had set up and tried to disguise, and removed them from the system. We also contacted the company that had attempted to send payment to let them know what had happened. We gathered the original email from the company to determine that the email was spoofed from a mail server of yet another breached company. We took extensive measures to harden the company’s email service, such as multi-factor authentication for all email users.

A main concern the company had was determining whether or not the attackers had gained access to anything other than email. We conducted a thorough investigation of their onsite computers, networks, and servers. Fortunately, we were able to validate that this was an isolated incident, providing the peace of mind the company sought. 

two people sitting next to eachother looking at a computer screen. One person is pointing at the screen with a pen while the other person is holding their glasses in both hands.

Lessons Learned

Remediation for an attack requires cybersecurity expert help in order to be certain that 1) All threats have been removed and 2) The attacker has not infiltrated other areas of the organization.

Request more information about Business Email Compromise Services

Request More Information

Services

About

Twitter Linkedin Facebook Instagram Youtube

Quick Links

Search

Contact

Emergency Hotline           
612-399-9680

General Number
612-888-9674

Mailing Address
1360 University Ave Ste 104 Unit 122 St. Paul MN 55104
© Copyright 2024 Blue Team Alpha. All Rights Reserved. Privacy Policy & Terms of Service
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.