Sector: Financial Services

Type: Email Compromise

A fraudulent email containing a malicious link to a Request
for Proposal document was sent from an Executive VP at
the insured, an insurance broker, to their contact list. The
link led to a Microsoft OneNote login/password request
page. A number of staff clicked on the link, and one
entered their credentials. The email was determined to be
suspicious, and it was confirmed that the VP wasn’t the
author. Staff were advised to delete the email and not to
click on the link.

Our response

Our IT forensics team confirmed that no data privacy
breach or third-party loss exposure had occurred.
A communication to all policyholders was issued
on the same day to ensure customer retention. On
recommendation, the insured appointed an independent
forensic investigator to review their system and confirm
that no unauthorised access to it remained.