On Thursday, February 17th, we were a victim of a phishing attack via email from a sitbrush.com account.
These emails contained a link with a request to sign in to Office 365 with a user name and password, similar to the example below:
We took immediate action with the IT team, and within less than 3 minutes of the first email being sent, the compromised account was blocked. Unfortunately, a lot of emails were still sent in less than 200 seconds.
We recommend that you do not open the link or enter any of your credentials if you are asked for them.
You can delete the emails in question and no further risks or problems will arise. If, however, you have accidentally visited the link and provided your credentials, we recommend that you change your password immediately.
As corrective actions to limit the possibility of such events occurring in the future, SIT has:
1. Strengthened security policies in IT systems in general.
2. Intensified procedures for increased security for individual users/accounts, specifically:
   a. Organized a series of training sessions dedicated to raising awareness of cyber security
   b. Implemented an automatic/mandatory renewal of all corporate passwords every 2 months
   c. Activated Multi-Factor Authentication in some accounts where it was not yet active
3. Other small actions aimed at increasing the security of networks, servers and SIT accounts.
We are sharing these guidelines with you for transparency and to help some of you avoid our mistakes.
Once again, we apologize for any inconvenience and send you our best wishes.
The Sitbrush Staff