Monday, March 10, 2014

Forbes: The Problem With Corporate Webmail

This article in Forbes last week was another reminder that when it comes to your email, it's critically important to implement two-factor authentication in addition to other security measures. 

As Forbes' +Kashmir Hill reported, the Syrian Electronic Army’s attack last month started with the infiltration of their webmail system. The SEA had been able to track down their Microsoft Outlook web interface and convincingly spoof it. They were then able to trick a few Forbes employees into entering their credentials on a fake Forbes webmail page after they clicked on links in spear phishing emails. Once the three SEA hackers got into their email system, chaos ensued. Read the full article here. 

An image of the Syrian flag that was uploaded to Forbes’ WordPress image server when hackers gained access to a super-administrator account.

In October 2013 we blogged about the topic of two-factor authentication with some tips on how to implement. We think it's worth re-reading. You can find the blog post here.

"The big takeaway for Forbes and others from our hack: we need additional security measures around our email, notably two-factor authentication."