Case Study: Email Fraud, Phishing – In China

Amer Asia ReportBackground: The China based purchasing department of a U.S. publicly traded company (A) received a payment account change notice via email from a supplier (B) requesting payment detail changes including the amount and bank account for deposit. The financial department of company A discovered this abnormality and prevented the fraudulent payment in a timely manner. At the same time, it reported to this event to their U.S. based IT Security Department to conduct a security incident investigation................Investigation process: Company A and Company B entrusted AmerAsia Company in China to investigate the fraudulent emails, conduct evidence preservation on the computers of relevant personnel, and extract all the logs of the email server. In addition, personnel involved in the companies also provided some key email exchanges. Through analysis, it can be found that the email communication seems to be normal, but the emails are actually sent by fake people. It is found that there are many abnormal logins in the mailboxes of the personnel involved in Supplier B Company (IP addresses from abroad), and there may be a leakage of the mailbox password or the disclosure of the mailbox password due to phishing...............Investigation results: The mail server (Exchange) of Company A has security risks and cannot identify fraudulent emails. Company A has adjusted its IT security strategy, adds DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework) and other email validation strategies based on our company's recommendations...............info@amerasiacompany.com | jerrychiu@amerasiacompany.com

Go To The Article

AmerAsia Company



AmerAsia Company - Beijing AmerAsia China IT ConsultingData DrillData DerrickAmerAsia ReportReciprocity Project