A hacker impersonating Company A emailed Company B an information pack. A user at Company B clicked to download it.
The user was asked to enter their email account password for the download, and did so.
Instead of downloading an information pack, the user had their browser cookies stolen by the hackers. 🍪 These included the ‘this browser is safe’ cookie, which can be used to bypass MFA.
With the password and the ability to bypass MFA, the hackers were able to access the user’s account and cause further disruption by sending impersonation emails internally.
An internal payment request was sent from the user’s account, along with a fake invoice for £21,000 for a ‘retainer’. The recipient went to make the payment, but stopped when they realised the bank details did not match.
The recipient responded to the user, but the hacker wrote back, continuing to impersonate the user at Company B.
At this point, the recipient was concerned by the information, and raised the request higher up in the company. They then raised a ticket with our engineers here at Breakwater to investigate.