IT Phishing Issue – April 29th, 2021
On April 29th Shajani was on the receiving end of a phishing attack in which our team clicked on an attachment within an email that they should not have. This resulted in several of our contacts receiving similar phishing emails from a Shajani.ca email. The initial email came from a source our team knew and trusted and via a trusted Microsoft platform, like the phishing email several of you received from our team member.
We regret this incident and apologise for the inconvenience and confusion this has caused.
What you should do?
As a precaution, we advise if you clicked on the attachment and entered a username and password, you should change that password.
An email from a known person was received, where a PDF file was being shared via SharePoint. Although presented in a legitimate Microsoft SharePoint link, the PDF contained an external URL, which mimicked a Microsoft sign in page and asked the user to re-enter their Microsoft credentials. The credentials were collected by the hacker and used to sign into the user’s web-end Outlook and share the same PDF file from the user’s SharePoint account. The hacker also placed an RSS forwarding rule in the account, to receive all incoming emails.
What we did to address this?
The affected user account was immediately blocked then secured. The shared PDF file was located and removed. The RSS rule, which used IMAP protocol for forwarding was removed, IMAP and POP3 protocols were disabled for all user accounts. Web-end Outlook was also disabled. An email to those who received the initial phishing email was also sent with a warning.
Shajani Cloud was not affected and remains secure.
All cloud storages used by Shajani are encrypted, secured and are inaccessible without proper credentials.
Information we store is secure.
All platforms used to store client information are segregated both from Microsoft and from each other. All client information is stored either in heavily encrypted cloud storage or Shajani servers, to which only our employees have user access. That model is in place purposefully, with cyber security in mind. Only a handful of highly knowledgeable / skilled IT personnel have administrative access to Shajani servers.
Absolutely no sensitive client information stored at Shajani’s cyber domains was threatened in this incident, and no information was leaked.
What are we doing to prevent this from re-occurring?
We are educating our employees to be more vigilant when it comes to recognizing such attacks and to be more capable when it comes to spotting illegitimate / spoofed pages, thus, avoid similar incidents in the future.
Shaifq Shajani and Nizam Shajani
Shajani LLP Chartered Professional Accountants and Advisors
This information is for discussion purposes only and should not be considered professional advice. There is no guarantee or warrant of information on this site and it should be noted that rules and laws change regularly. You should consult a professional before considering implementing or taking any action based on information on this site. Call our team for a consultation before taking any action. © 2021 Shajani LLP.
Shajani LLP is a CPA Calgary, Edmonton and Red Deer firm and provides Accountant, Bookkeeping, Tax Advice and Tax Planning services