IR Hotline Numbers:

+44 20 3318 1470
+60 154 877 0076
+61 2 7908 1745
+65 3165 8788
caution icon

Experienced a breach? Reach us now

company logo

Incident Response

Conducting a Forensic Investigation into a Business Email Compromise Attack

Conducting a Forensic Investigation into a Business Email Compromise Attack

The Background

The client is a leading Energy as a Service (EaaS) provider to high-quality commercial and industrial customers. They deliver, operate, and maintain distributed energy solutions in eight countries, adopting the EaaS operating model. The client was in the middle of a business deal when a business email compromise happened on their system. Overseas logins appeared in the client's email account. Pragma security experts began an in-depth investigation to understand how the Threat actor had gained access to the systems and what possible malware was involved.

The Process

Pragma worked closely with them until the Threat actors were entirely eradicated from their system. They implemented some of the most innovative techniques to eliminate the threats and return the client's systems to normal. Pragma followed a phased approach to scope and completed this engagement. Pragma interviewed the client for a preliminary incident assessment and high-level information gathering. The process:

Data Collection: We collected data from O365 accounts and associated systems, including email, OneDrive, SharePoint, and other data sources. We exported data using forensic tools or utilising Microsoft's eDiscovery feature.

Data Preservation: We collected and preserved data in its original state to maintain its integrity and authenticity.

Data Analysis: We analysed the collected data using forensic tools and techniques, including keyword searches, email thread analysis, and metadata analysis, to identify relevant information. We analysed the client's Microsoft O365 logging configuration.

Reporting: We prepared a detailed report of the findings, including a description of the data analysed and the analysis results.

Pragma also performed a dark web exposure scan, O365 security review, and workstation analysis.

The Result

Pragma recommended various measures to prevent future attacks or violations. By implementing our recommendations, the client can minimise their security risks and provide their customers with a high level of confidence regarding their security.


Forensic Investigation
Business Email Compromise
Threat Actors
Security Experts
System Eradication
Innovative Techniques
Incident Assessment
Data Collection
Data Preservation
Data Analysis
O365 Security Review
Workstation Analysis
Dark Web Exposure Scan
Security Risks
Prevention Measures
Customer Confidence

Join the Pragma Community Today



Cyber Advisory

Technology Risk

Compliance, Conduct, and Regulatory Risk

IT Audit


Pragma Logo

Terms & conditions

Privacy Policy