Hi all, just dealt with a phishing attack that came via a supplier’s compromised email account – emailing a fake share folder to their entire address book containing possible malware but also asking users to enter their AD/outlook credentials to download the document – red flag to me that they’re harvesting these credentials, has been dealt with accordingly.
Worrying part is that any users that clicked and were blocked by Forcepoint, we have a log of. But the one user who was able to progress and enter their details in… There is no record of that click.
Note, I don’t administer Forcepoint for the company – just wanted to check if anyone has experienced this before?