CEO scams, or Business Email Compromise (BEC), have been around for many years, and there has always been an impression that email spam is well controlled. However, phishing and BEC attacks require special attention as an increasing number of organizations move their email service to software-as-a-service (SaaS) platforms like Microsoft Office 365 (O365) or Google G Suite. BEC scams are initiated through phishing kits designed specifically to mimic cloud-based email services in order to collect credentials from victims.
This Incident Response (IR) Playbook addresses IR issues arising from the fast-expanding use of the O365 SaaS application. Blackpanda prepared this playbook based on our experience in handling these kinds of incidents, in order to help end users or system and security administrators take the necessary mitigating actions when phishing emails or suspicious BEC activities are found.