A Tale of Two Phishing Attacks: A(nother) Case for DUO

Last Updated March 23, 2020

This post was written by Natalie K. Bowen, client success manager at Right Networks.

Recently, a user at a firm was the unfortunate victim of yet another phishing attack. In this case, the experience serves as an example of why DUO is a must for your firm. If the firm had enabled DUO earlier, the situation would not have played out in the same way. Choose your own adventure below.

The situation as it happened

Five weeks ago, a user at the firm received a phishing email. It appeared to come from a client, and there was a link embedded in the email. When the user clicked the link, login information was requested, which the user provided. After the user input her login info, nothing else happened, and she went about her business.

Fast forward to last Friday, when the user was having an odd problem with her email. After the user called support, our consultant discovered that her incoming mail was all being forwarded to a Gmail account that the user did not know anything about. It turns out that when she input her credentials five weeks prior, someone had stolen those credentials, logged into her email, and set up a rule to forward all incoming mail to this unknown Gmail account.

The Right Networks security team worked to disable the forwarding rule and obtain a log of all of the incoming mail that the hacker had stolen. In this case, the fact that this user frequently scanned documents to email meant that all scanned items were also obtained by the hacker. The next steps for this firm now include going through each and every incoming email message over the last five weeks to determine exactly what data was stolen and to then inform those clients. The firm has since enabled DUO.
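The check that would have surfaced this forwarding rule earlier, as an added example that is not from the original post or from Right Networks: a small audit that flags mailbox rules forwarding to addresses outside the firm and reports how many days of incoming mail each rule exposed. The rule export format, field names, domains and dates are constructed for illustration.

```python
from datetime import date
from email.utils import parseaddr

# Constructed sample: mailbox rules as they might be exported from a mail system.
# Field names, addresses and dates are hypothetical, not taken from the incident.
SAMPLE_RULES = [
    {"mailbox": "user1@firm.example", "name": "Scans to shared folder",
     "forward_to": ["Scans <scans@firm.example>"], "created": "2020-01-06"},
    {"mailbox": "user2@firm.example", "name": ".",
     "forward_to": ["collector@GMAIL.example"], "created": "2020-02-14"},
    {"mailbox": "user3@firm.example", "name": "Copy to assistant",
     "forward_to": ["aide@mail.firm.example", "not-an-address"], "created": "2020-03-02"},
]

def is_internal(address, internal_domains):
    """True only if the address parses and its domain is an internal domain or subdomain."""
    addr = parseaddr(address)[1].lower()
    if addr.count("@") != 1:
        return False  # unparseable targets are treated as external so they get reviewed
    domain = addr.rsplit("@", 1)[1]
    return any(domain == d or domain.endswith("." + d) for d in internal_domains)

def find_external_forwards(rules, internal_domains, as_of):
    """Return one finding per rule that forwards mail outside the organisation."""
    internal = [d.lower() for d in internal_domains]
    findings = []
    for rule in rules:
        external = [t for t in rule.get("forward_to", []) if not is_internal(t, internal)]
        if external:
            created = date.fromisoformat(rule["created"])
            findings.append({
                "mailbox": rule["mailbox"],
                "rule": rule["name"],
                "external_targets": external,
                # Mail received during this window has to be reviewed for exposure.
                "days_exposed": (as_of - created).days,
            })
    # Longest-running rules first: they represent the largest review effort.
    return sorted(findings, key=lambda f: f["days_exposed"], reverse=True)

if __name__ == "__main__":
    for finding in find_external_forwards(SAMPLE_RULES, ["firm.example"], date(2020, 3, 20)):
        print(finding)
```

Running an audit like this on a schedule turns a five-week exposure into one bounded by the audit interval.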

The situation had DUO been enabled

Five weeks ago, a user at a firm received a phishing email. It appeared to come from a client, and there was a link embedded in the email. When the user clicked the link, login information was requested, which the user provided. After the user input her login info, nothing else happened, and she went about her business.

Because DUO was enabled, when the hacker went to log in to her email account and set up a forwarding rule, he or she couldn’t, because it was not possible to get past multi-factor authentication. The hacker moved on to the next victim.

Without DUO, your firm is significantly more susceptible to malicious attacks. Save yourself the time and headache of having to inform your clients their data has been stolen. Enable DUO.
