Notes from the Field: Center for Internet Security Control 09 – Email and Web Browser ProtectionsÂ
A small SaaS (Software as a Service) client I worked with recently mentioned an information security incident they experienced a year ago in which the email account of one of their sales representatives was compromised via a phishing attack. The attackers gained the credentials of the sales rep, obtained email addresses of customers, and sent emails to the company's customers with false offers to buy discounted services. The attackers had scraped…