
One of our co-workers followed a phishing link and entered their Google for Busi


Question

One of our co-workers followed a phishing link and entered their Google for Business account credentials. We have reset their password; is there anything else we need to do? (We also used this as a reminder for everyone to enable two-factor authentication.)

The mail was also sent in their name to our staff mailing list (in BCC), so I assume it was also sent to other contacts in the address book. The headers indicate it was sent via Gmail, not from an external SMTP server (we have SPF records that only allow Gmail). Can we see who else got this mail, and is it useful to send a warning to them?

Explanation / Answer

Block the phishing link in the company firewall. If the co-workers only read their mail in the office, this would suffice, but this seems highly unlikely. As a further step, if the co-workers use company laptops, block the link on the laptop firewall too. Lastly, if they access it from any other personal device, make sure they know a phishing mail is going around which they should not click on. Attach a screenshot of what the mail looks like to the mail you send around. Besides that, there is not much you can do other than scanning the computers where the link has been opened. Malware could have been installed through a drive-by download, where malicious applications get installed through browser vulnerabilities. Hope this helps! Good luck
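The question relies on the headers showing that the mail really left through Gmail under the company's own SPF record. One way to make that check repeatable is sketched below as an added example, not code from the original post. The function names, the `example.com` addresses and the choice of `mx.google.com` as the only trusted stamping host are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: your mail is received by Google, which stamps "mx.google.com" as
# the authserv-id. Results stamped by any other host are sender-controlled.
TRUSTED_AUTHSERV = "mx.google.com"

# Constructed sample headers; example.com and 192.0.2.10 are placeholders.
SAMPLE = """\
Authentication-Results: mx.google.com;
       dkim=pass header.i=@example.com header.s=google;
       spf=pass (google.com: domain of alice@example.com designates
       192.0.2.10 as permitted sender) smtp.mailfrom=alice@example.com
Authentication-Results: relay.invalid; spf=pass smtp.mailfrom=alice@example.com
From: Alice <alice@example.com>
To: staff@example.com
Subject: Shared document

(body omitted)
"""

def _domain(value):
    """Domain part of an address or of a bare '@domain' identity."""
    return value.rpartition("@")[2].strip("<>").lower()

def check_origin(raw, authserv=TRUSTED_AUTHSERV):
    """Read SPF/DKIM verdicts stamped by the trusted receiver and report
    whether both pass for the domain shown in From:."""
    msg = message_from_string(raw)
    from_dom = _domain(parseaddr(msg.get("From", ""))[1])
    out = {"from": from_dom, "spf": None, "spf_domain": None,
           "dkim": None, "dkim_domain": None}
    for header in msg.get_all("Authentication-Results", []):
        text = " ".join(str(header).split())      # unfold continuation lines
        if text.split(";", 1)[0].strip().lower() != authserv:
            continue                               # forged or third-party stamp
        for key, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.i")):
            verdict = re.search(rf"\b{key}=(\w+)", text)
            ident = re.search(rf"\b{re.escape(prop)}=([^\s;]+)", text)
            out[key] = verdict.group(1).lower() if verdict else None
            out[f"{key}_domain"] = _domain(ident.group(1)) if ident else None
        break
    # SPF that only lists Google's ranges is shared with other Google-hosted
    # senders, so the DKIM signature for your own domain must pass as well.
    out["authenticated"] = bool(from_dom) and all(
        out[k] == "pass" and out[f"{k}_domain"] == from_dom
        for k in ("spf", "dkim"))
    return out

if __name__ == "__main__":
    print(check_origin(SAMPLE))
```

A result of `authenticated: True` on the phishing mail points to the compromised account itself having sent it, rather than a spoofed sender.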
