Stopping the spread of a sophisticated spear phishing attack

A case study on work that Notion Digital Forensics have completed.

Notion Digital Forensics faced a cyber emergency involving a customer of an IT Managed Service Provider (MSP). The customer was a professional services business whose head of marketing had their email compromised by a sophisticated spear phishing scam. The contents of the compromised Microsoft Office 365 account were copied, and thousands of business contacts were extracted. Those contacts then received a targeted phishing campaign. The situation called for urgent measures to contain the breach, assess its impact, and develop a rapid response plan.

Objectives

Our objectives were to work swiftly with the MSP to determine the extent of the breach, identify any compromised information, and ascertain whether the breach had spread through the rest of the organisation. Additionally, we sought to provide information rapidly to the customer so they could warn the people who had received the phishing emails. The value we provide to MSPs lies in our experience handling numerous breach cases, ensuring our decisions are defensible based on the available information, our experience, and industry best practice. This approach offers the best chance of recovery.

Approach

We commenced an in-depth investigation to pinpoint the origin of the breach and deployed digital forensics tools to analyse the affected systems. By reviewing the company's Office 365 audit logs and examining the computers of targeted staff, we tracked the breach's progression and its impact on the business. We quickly determined what data had been taken and helped to contain the breach rapidly. Furthermore, we reported the phishing URLs to Google and Microsoft so that they could be blocked.
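The kind of log review described above can be illustrated with a small triage script. The following is an added example, not Notion Digital Forensics' tooling and not data from this case: it assumes an export of Microsoft 365 Unified Audit Log records in a simplified version of the Search-UnifiedAuditLog shape (CreationDate, UserIds, Operations, AuditData as a JSON string), a constructed corporate address range, and a constructed set of sample records. It flags successful sign-ins from outside the known range, inbox rules that delete or divert mail, mailbox forwarding changes, and bulk mail access, then correlates them per user so that a single unusual sign-in (a travelling colleague) is not mistaken for a compromise.

```python
"""Triage of exported Microsoft 365 Unified Audit Log records for signs of
mailbox compromise. Added example; record layout is an assumed, simplified
version of Search-UnifiedAuditLog output, and all sample data is constructed."""
import json
from ipaddress import ip_address, ip_network

# Assumed corporate egress range; in practice taken from the customer's firewall/VPN config.
KNOWN_NETWORKS = [ip_network("203.0.113.0/24")]

# Inbox-rule parameters that hide, divert or destroy mail (typical post-compromise persistence).
SUSPICIOUS_RULE_PARAMS = {"DeleteMessage", "ForwardTo", "ForwardAsAttachmentTo",
                          "RedirectTo", "MoveToFolder"}


def _rec(date, user, op, **audit):
    """Build one record in the assumed, simplified Search-UnifiedAuditLog shape."""
    return {"CreationDate": date, "UserIds": user, "Operations": op,
            "AuditData": json.dumps(audit)}


def _params(pairs):
    """Exchange cmdlet parameters appear in AuditData as a list of Name/Value pairs."""
    return [{"Name": k, "Value": v} for k, v in pairs.items()]


# Constructed sample log, not data from the case on this page.
SAMPLE_RECORDS = [
    _rec("2023-05-02T08:01:10", "h.marketing@example.com", "UserLoggedIn",
         ClientIP="203.0.113.10", ResultStatus="Success"),
    _rec("2023-05-02T22:14:33", "h.marketing@example.com", "UserLoggedIn",
         ClientIP="198.51.100.77", ResultStatus="Success"),
    _rec("2023-05-02T22:16:02", "h.marketing@example.com", "New-InboxRule",
         ClientIP="198.51.100.77",
         Parameters=_params({"Name": ".", "SubjectContainsWords": "hacked;phishing;suspicious",
                             "DeleteMessage": "True"})),
    _rec("2023-05-02T22:20:45", "h.marketing@example.com", "Set-Mailbox",
         ClientIP="198.51.100.77",
         Parameters=_params({"ForwardingSmtpAddress": "smtp:drop@example.net"})),
    # Travelling colleague: external sign-in with no follow-on activity.
    _rec("2023-05-02T09:30:00", "j.doe@example.com", "UserLoggedIn",
         ClientIP="198.51.100.5", ResultStatus="Success"),
    _rec("2023-05-02T09:31:00", "j.doe@example.com", "MailItemsAccessed",
         ClientIP="198.51.100.5"),
] + [
    # Bulk read of the mailbox from the attacker's address.
    _rec(f"2023-05-02T23:00:{i:02d}", "h.marketing@example.com", "MailItemsAccessed",
         ClientIP="198.51.100.77")
    for i in range(60)
]


def is_external(ip, known_networks):
    return bool(ip) and not any(ip_address(ip) in net for net in known_networks)


def triage(records, known_networks=KNOWN_NETWORKS, bulk_threshold=50):
    """Return findings as (date, user, ip, category, detail) tuples in time order."""
    findings = []
    access = {}  # (user, ip) -> [first_seen, count] for external MailItemsAccessed
    for rec in sorted(records, key=lambda r: r["CreationDate"]):
        audit = json.loads(rec["AuditData"])
        user, op, ip = rec["UserIds"], rec["Operations"], audit.get("ClientIP", "")
        p = {x["Name"]: x["Value"] for x in audit.get("Parameters", [])}
        external = is_external(ip, known_networks)
        if op == "UserLoggedIn" and external and audit.get("ResultStatus") == "Success":
            findings.append((rec["CreationDate"], user, ip, "external-login", ip))
        elif op in ("New-InboxRule", "Set-InboxRule"):
            hits = sorted(SUSPICIOUS_RULE_PARAMS.intersection(p))
            if hits:
                findings.append((rec["CreationDate"], user, ip, "inbox-rule",
                                 f"rule {p.get('Name', '?')!r} sets {', '.join(hits)}"))
        elif op == "Set-Mailbox" and ("ForwardingSmtpAddress" in p or "ForwardingAddress" in p):
            findings.append((rec["CreationDate"], user, ip, "forwarding",
                             p.get("ForwardingSmtpAddress") or p.get("ForwardingAddress")))
        elif op == "MailItemsAccessed" and external:
            entry = access.setdefault((user, ip), [rec["CreationDate"], 0])
            entry[1] += 1
    for (user, ip), (first, n) in access.items():
        if n >= bulk_threshold:
            findings.append((first, user, ip, "bulk-access", f"{n} MailItemsAccessed events"))
    return sorted(findings)


def compromised_users(findings):
    """Users with an external sign-in followed by persistence or exfiltration from the same IP."""
    logins = {(f[1], f[2]) for f in findings if f[3] == "external-login"}
    return {user for (_, user, ip, cat, _) in findings
            if cat != "external-login" and (user, ip) in logins}


def attacker_ips(findings, user):
    """Addresses behind the non-login findings for a user; candidates for blocking and reporting."""
    return {ip for (_, u, ip, cat, _) in findings if u == user and cat != "external-login"}


if __name__ == "__main__":
    found = triage(SAMPLE_RECORDS)
    for f in found:
        print(*f, sep="  ")
    print("compromised:", compromised_users(found))
```

On the constructed sample the script produces a single timeline for the marketing mailbox: an external sign-in, a rule that silently deletes warning emails, a forwarding address, and a bulk read of the mailbox, all from one address, while the colleague's lone external sign-in is listed but not treated as a compromise. The same correlation is what lets an investigator state which accounts were affected and which were not.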

Results

Our investigation identified the initial source of the breach, allowing us to contain it effectively. We found that the intrusion had not spread to other parts of the business, minimising the overall impact. We were able to ascertain the specific information that had been stolen, enabling the firm to inform the affected contacts promptly. By working with providers such as Google and Microsoft, we helped prevent further recipients from falling victim to the criminals' phishing emails.

Conclusion

Notion Digital Forensics’ timely intervention and comprehensive investigation helped the professional services business mitigate the breach’s effects. Our expertise in digital forensics enabled the company to regain control over their systems, reassure their customers, and safeguard their reputation in a timely manner.

About Notion Digital Forensics

Notion Digital Forensics are technical experts in cybersecurity, e-discovery, digital forensic investigation and cyber-defence for businesses and lawyers.

Get expert advice for your case. Contact us now

or phone us on 02 8006-0855

Important Notice

Preserving Confidentiality

The case study presented above is based on real events. To protect the identities of the parties involved, we have altered certain facts and details. These changes may be minor or significant and may include the inclusion of false information. Our aim is to maintain confidentiality for those involved.

Seek Customized Advice

Cybersecurity and digital forensics are specialised fields with various options and trade-offs. The information provided on this website may not be applicable to your specific situation. It is highly recommended that you seek tailored advice from an expert before taking any action. We are cyber security specialists, but we may not be your cyber security specialists. Seek professional advice.