Back to cases

Phishing Campaign Targeting Finance

high
in-progress
TLP: amber
PAP: white
phishing
finance
email
Case Details
Case #CASE-1233 | Created: April 12, 2023 at 09:30 AM

Multiple employees in the finance department have reported receiving suspicious emails claiming to be from the CFO, requesting urgent wire transfers. Initial investigation suggests a targeted phishing campaign.

Assignee:
JDJohn Doe
Last Updated:April 12, 2023 at 02:45 PM
Edit Case
Related Items
Items linked to this case

Alerts

ALERT-2345
Suspicious Email Detected
ALERT-2346
Unusual Login Attempt

Observables

Email
cfo-urgent@malicious-domain.com
IP Address
192.168.1.254
URL
https://fake-finance-portal.com/login
Case Timeline
Chronological history of case activities
JD
John Doe
creation
Apr 12, 09:30 AM

Created the case

JD
John Doe
status change
Apr 12, 10:15 AM

Changed status from Open to In Progress

AS
Alice Smith
assignment
Apr 12, 10:20 AM

Assigned case to John Doe

JD
John Doe
comment
Apr 12, 11:45 AM

Initial analysis shows this is a targeted phishing campaign. The emails contain a malicious attachment that attempts to steal credentials.

JD
John Doe
evidence added
Apr 12, 01:30 PM

Added email sample as evidence

BJ
Bob Johnson
task completed
Apr 12, 02:45 PM

Completed task: Block sender domains in email gateway

JD