There aren’t many feelings worse than opening your inbox and seeing a flood of SENT emails that didn’t come from you. Someone has hacked your email account, and you have no idea what to do. Don’t worry – there are steps you can take to immediately address the situation.
Here’s what to do when your email account is hacked.
Last week, a hacker infiltrated the email inbox of one of 2b1’s clients, a partner at a law firm. The hacker created a rule in the email inbox to reroute all incoming emails to the lawyer’s trash folder, so that he wouldn’t be notified of suspicious activity. The hacker then accessed the lawyer’s OneDrive account and OneNote cloud application. They created a document designed to look like a Docusign invoice portal and sent it to hundreds of clients and contacts, directing recipients to a malicious link.
Since the malicious document was created with the client’s own OneDrive and OneNote accounts, it slipped through native email scanners. The lawyer’s office manager was alerted to this unexpected invoice by clients, and informed our team. Luckily, the lawyer had 2b1 Care, and we were able to resolve the situation. Here’s how:
1. Changing passwords
We immediately changed all passwords that may have been compromised. We also ended all active sessions for the lawyer’s account, so anyone who may have had the email account open would be logged out right away. Bye, hacker. We then logged back in with the new, uncompromised password and began addressing the situation.
2. Analyzing the malicious email
We reviewed the malicious email blast, which directed recipients to OneDrive and a specific document in the lawyer’s OneNote account meant to resemble a real Docusign invoice. We investigated this spoofed document and confirmed that it contained a malicious link.
3. Deleting the spoofed document
Our team then deleted the spoofed invoice page, ensuring no one could click the malicious link. This way, even if recipients clicked on the link in the email blast, they would not be exposed to the malicious document. Instead, they would receive a notice saying the document could not be found. This effectively disabled the malicious email.
4. Using 2b1 Care Advanced Email Security to identify targets
We then used 2b1 Care Advanced Email Security to review the malicious emails and identify all of the hacker’s targets who had received the email blast. With 2b1 Care, this process was quick and painless, and we identified every target with one click. This allowed our team to respond immediately.
6. Reversing the hacker’s inbox settings
Our last step was reversing the inbox settings the hacker had set up, which sent all new emails to the trash folder. We returned the inbox to normal operation so the lawyer could access all of his existing and new emails with minimal interruption to his work.
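The following is an added example (not 2b1's tooling and not part of the original post) of checking a mailbox for the kind of rule described above, one that quietly sends all incoming mail to the trash. It assumes the mailbox rules have been exported as JSON in the shape of Microsoft Graph `messageRule` objects and that the Deleted Items folder id is known; the sample rules, names and folder ids are constructed.

```python
import json

# Constructed sample: inbox rules shaped like Microsoft Graph "messageRule"
# objects. Folder ids and rule names are made up for this example.
DELETED_ITEMS_ID = "constructed-deleted-items-folder-id"
SAMPLE_RULES = json.loads("""
[
  {"displayName": "Newsletters", "isEnabled": true,
   "conditions": {"senderContains": ["newsletter"]},
   "actions": {"moveToFolder": "constructed-newsletters-folder-id"}},
  {"displayName": ".", "isEnabled": true,
   "conditions": null,
   "actions": {"moveToFolder": "constructed-deleted-items-folder-id",
               "markAsRead": true, "stopProcessingRules": true}},
  {"displayName": "old cleanup", "isEnabled": false,
   "conditions": null, "actions": {"delete": true}}
]
""")
CATCH_ALL = "no conditions: applies to all mail"

def hides_mail(actions, deleted_items_id):
    """True if the rule's actions remove messages from the inbox view."""
    return bool(actions.get("delete") or actions.get("permanentDelete")
                or actions.get("moveToFolder") == deleted_items_id)

def is_catch_all(conditions):
    """A rule with no populated condition applies to every incoming message."""
    return not any(v not in (None, [], "", False)
                   for v in (conditions or {}).values())

def suspicious_rules(rules, deleted_items_id):
    """Return (name, reasons) for rules that hide mail, riskiest first."""
    findings = []
    for rule in rules:
        actions = rule.get("actions") or {}
        if not hides_mail(actions, deleted_items_id):
            continue
        reasons = ["moves or deletes incoming mail"]
        if is_catch_all(rule.get("conditions")):
            reasons.append(CATCH_ALL)
        if actions.get("markAsRead"):
            reasons.append("marks mail as read")
        if not rule.get("isEnabled", True):
            reasons.append("currently disabled")
        findings.append((rule.get("displayName", ""), reasons))
    # Enabled catch-all rules sort first: they match the case in this post.
    findings.sort(key=lambda f: (CATCH_ALL not in f[1],
                                 "currently disabled" in f[1]))
    return findings

if __name__ == "__main__":
    for name, reasons in suspicious_rules(SAMPLE_RULES, DELETED_ITEMS_ID):
        print(f"{name!r}: {'; '.join(reasons)}")
```

Disabled rules are still reported because a rule that was switched off rather than removed can be re-enabled later.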
Using 2b1 Care’s cybersecurity capabilities, we were able to identify the malicious email, isolate and delete the malicious document, collect every contact affected, and alert everyone to the phishing attempt within 2 hours. Luckily, our team was able to halt and address this attempted cyberattack before it could escalate further.
If you are a business owner, dealing with a situation like this can be extremely daunting – especially if you don’t have a robust cybersecurity or IT department backing you up. We recommend having a process in place for attempted phishing, spoofing, or business email compromise attacks. Cyberattacks are on the rise, and even small businesses must be prepared to address them.
If you are looking to build out cybersecurity defenses at your practice, contact our team to get started with 2b1 Care.