It is now commonplace for companies to be compromised via others in their supply chain!
- A company that one of your employees regularly deals with has a system compromise, most likely e-mail or CRM.
- Your staff member receives one more e-mail in a thread of emails. It hasn’t been filtered out externally because it is from the genuine mailbox!
- The email contains relevant information that only the genuine person would know and doesn’t read any differently to any other e-mail recently received. Signed off like all the others and containing the corporate footer, in this scenario it is difficult to point the finger at your employee – this is social engineering at its most devious!