Back to Email phishing

Email phishing

US-based cybersecurity training firm suffers data breach due to phishing attack


In August 2020, The SANS Institute, a US-based information security company, is reported to have exposed 28,000 PII records as a result of a phishing scam. The stolen information includes first and last names, email addresses, physical addresses, countries of residence, work phones, work titles, company names, and industry information of employees.

The breach was discovered in a routine mail system configuration audit on August 6, 2020. The IT security team identified a suspicious forwarding rule and a malicious Microsoft 365 add-in associated with a compromised email account that resulted in 513 emails getting forwarded to a suspicious external email address. However, no financial details or passwords were compromised.

Once the attack was discovered, the IT team removed the forwarding rule and the malicious Microsoft 365 add-in. Apart from the single email account, none of the other employees’ accounts were affected in the phishing attack. SANS is in the process of tightening its security measures and notifying the affected individuals about the incident.

Attackers usually resort to familiar, effective techniques like phishing scams to gain access to email accounts. A smart tool like Exchange Reporter Plus enables organizations to stay ahead of attackers by monitoring for and thwarting email-bound cybersecurity threats. Download a free, 30-day trial of Exchange Reporter Plus today.

How ManageEngine can help you avoid such incidents.

Exchange Reporter Plus provides a host of reports that can help you locate suspicious emails, both sent and received, based on keywords in their subject or body. Often times, these malicious emails appear to be valid, tricking users into opening the emails and clicking on the links embedded in them, which can cause serious damage.

With Exchange Reporter Plus, you can locate emails based on:

  • Messages by subject keyword. Use reports to identify particular keywords in the email subject lines.
  • Messages by body keyword. Identify all the messages in your mailbox that have a particular keyword in the body of the email.
  • Attachment name. Get a report of all emails in your mailbox that have an attachment with a specific name. With the names of the malicious files, you can take the necessary steps to stop email-bound threats.
  • Attachment type. You can spot malicious software based on an attachment’s file extension.
  • The number of emails received from a specific domain, sender, department, or external email address. Get reports on all incoming emails from an external email address, a blacklisted sender or domain, or a specific department.

In addition, ManageEngine M365 Manager Plus provides an advanced Microsoft 365 mailbox content search capability that identifies phishing emails by analyzing internet message headers, subjects, attachments, and bodies of emails. With this feature, you can identify senders' email addresses, the platform used by the attackers, and the servers the emails passed through.

Start your free, 30-day trial of M365 Manager Plus today to try out all these features.


Stay In The Know

Thank you

You will receive weekly cybersecurity news soon!

  • Please enter a business email id
    By clicking 'I'm Interested', you agree to processing of personal data according to the Privacy Policy.

© 2022 Zoho Corporation Pvt. Ltd. All rights reserved.