Proofpoint Threat Research Team Alerts
Situation | You have received an alert about an in-flight attack |
---|---|
Solution | Block or discard all malicious messaging. Inform/educate people of the attack and how to avoid in the future. |
Proofpoint Alerts & Actions
Proofpoint has dedicated resources, Proofpoint Threat Operations, working to stay ahead of bad actors. From time to time their efforts will uncover a bad actor interacting (an in-flight attack) with a domain protected by Proofpoint services. When this happens Proofpoint Support will jump into action with the following:
- Establishing company wide filters (one for inbound and another for outbound) to block interaction(s) with the bad actor
- Document in a ticket the bad actor and the new filters
- Attempt to reach, via phone call, a member of the effected company or their partner/reseller
Many of these attacks involve BEC (Business Email Compromise) or employee impersonation, which can result in quickly perpetrated fraud
Recommendations & Actions effected companies should take
- Acknowledge the alert and ensure the new filter remains isn't removed by other administers in your organization
- Inform members of the organization of the actions of the bad actor and end any actions the bad actor put in motion
- Discard any messages still in company inboxes from the bad actor
- Educate everyone possible of how to avoid situations like this in the future and other fraud, scams, attacks, etc.
Take urgent action on any received alert as scams, fraud, etc. can be perpetrated very quickly