A senior member of staff at a well-known law firm was using their work computer for personal use at home when they received a spear phishing attempt. Despite the organisation having extensive cyber security and information security policies in place, they offered no training into the practical implications of such policies. Unfortunately this meant that the senior staff member was perhaps less cautious than they should have been and, unwittingly, clicked on a link that directed them to a fake network login page.

Once contacted, Zacco Digital Trust was able to block the staff member’s account, take the laptop offline and stop the attack, mitigating the potential damage to the internal network. While regaining control of the account, we investigated who else might have received a similar email and informed them. We blocked the sender’s addresses, as well as the IP addresses associated with the fake login sites, and sent out a companywide note to warn colleagues that people were being targeted. Our digital forensics lab was able to discover that, unfortunately, a selection of confidential internal documents had been copied almost immediately after the attack had started. The attackers knew exactly what they were looking for and had actively targeted senior employees knowing that their access level would allow them to find it.

While the digital forensics investigation was underway, Zacco Digital Trust explained the necessity of developing employee awareness and introduced VPhish Pro and eSecure Learning. We helped them conduct a thorough review of their IT rules and security policy and the organisation has now introduced an extensive training programme, which is mandatory for employees, irrespective of their seniority. They launch regular phishing simulation campaigns to test their effectiveness and each employee must pass a series of tests each month from the eSecure Learning platform which details the current tactics used by attackers, both online and off.

The end result is that it is unlikely they will ever recover the stolen information, but lessons have been learned and more comprehensive measures are now in place. Employees of the company are still receiving regular genuine phishing attempts but, instead of being clicked on and phished, these are now being reported using the VPhish Pro Email plugin. The simple act of raising awareness to potential cyber threats has become an integral part of their cyber security capability.