Home > Knowledge > Resources > Web-based corporate email compromises rapidly increasing

Web-based corporate email compromises rapidly increasing

The CFC Incident Response team has seen a surge in cybercrime against corporate web-based email accounts, like Office 365. Criminals compromise corporate email accounts by reusing credentials from well-known public data breaches to guess employee passwords.

Article 3 min 10 Sept, 2018

Once they have access, they use these accounts to perpetrate funds transfer fraud and send malicious emails. Recent cyber claims made to CFC indicate that even strong or complex passwords are often not enough to protect employee email accounts from compromise.

Enable Multi-Factor Authentication to Prevent Email Compromise

Multi-factor authentication can improve the security of web-based email accounts by requiring an additional verification step for any external connection to email (for example: a code generated by a mobile app or through an SMS message). Most email systems provide multi-factor authentication and will allow users to establish ‘trusted devices’ to reduce the inconvenience of entering a code every time they log in. CFC encourages all clients to consider implementing multi-factor authentication to improve the security of their web-based emails systems.

Additionally, it is critical that IT administrators enable the right logging in the event that your mailbox is compromised as it can help you determine if attackers have compromised your private data. Properly configured, email systems such as Office 365 even allow you to set up alerts in the event certain security conditions are met which can help you quickly catch the attacker.

By default, Office 365 has limited logging of security events, and needs to be manually configured to make the investigation of suspected compromises possible. It is strongly recommended that all of the below stages are completed to enable an effective investigation in the event of an incident.

The three phases are as follows:

  1. The Unified Audit Log search must be turned on (documentation here)
  2. Mailbox Auditing must be enabled for all accounts (documentation here)
  3. Mailbox Owner events must be enabled (PowerShell script available here, API documentation here (look for the – AuditOwner section))

Additional Resources:

If you are using Office 365 for your business, you can find more information about enabling multi-factor authentication at no cost from Microsoft’s web site here. In addition, you can find information on how to enable mailbox auditing in Office 365 here. Lastly, Office 365 has a page for assessing how secure your configuration is, called the Secure Score, which is available here

You might also like

Greentech guide: Top exposures and risk appetite

As greentech rapidly expands, insurance is evolving to address key risks in the sector. Discover how our risk appetite is adapting to meet these ne...

Technology Article 3 min 12 Nov, 2024

Reducing risk in carbon markets

If carbon insurance is to be an effective risk transfer mechanism for investors in carbon credits, then those risks must be assessed and managed ac...

Carbon Article 5 min 7 Nov, 2024

Case study of a professions policy in action for a multi-disciplinary company

Today’s businesses are constantly evolving and at CFC, we understand that your insurance needs to keep up with these changes. Our comprehensive wor...

Professional liability Article 5 min 5 Nov, 2024