Recently, it was the birthday of electronic mail. To celebrate the occasion, we would like to share a case study from our practice that involves email.

A large company had been using our protective solution for a while. To keep the intrigue alive, we will not reveal the name of the product for now. Just a little hint: it detects cases of corporate fraud and profiteering.

One day, an information security specialist received an alert, that  a suspicious email was sent to the company’s CFO. 

In the letter in question, the recently dismissed employee accused her former manager of arbitrariness and cited compelling evidence to prove her point. The company's management had a reason to believe that there might had been arbitrariness among employees, but there was no evidence that time. The incident prompted the launch of an investigation.As it was revealed, the arbitrariness took place indeed. Such incidents are dangerous, as they can lead to the loss of skilled workers and to  serious financial loss.

After a step-by-step investigation was performed, evidence of guilt was gathered and the CFO was removed from his position.

Incidentally, email is often involved in information security incidents. There are numerous cases of email being used  for data leakages;  for criminal conspiracy and fraudulent attacks. Email attacks are one of the most popular ways for cybercriminals to compromise an organization’s data. That's why our solution, SearchInform RiskMonitor (which is the complex platform for internal threat mitigation ), not only records all email correspondence, but is also capable of detecting phishing and potentially dangerous emails in employees' mailboxes.

And let this story be just one more reason to take the necessary steps to protect your business from the external and internal threats, posed by email.