SANS Institute Phishing Attack Leads to Theft of 28000 Records

Would you be able to spot if someone was forwarding mail outside of your domain?…:

[…] SANS Institute confirmed to Infosecurity that the exposed data belonged to individuals that had registered for one of its virtual summits and “was intended for community outreach purposes.” That means no customer or instructor records were compromised.

In total, 513 emails were forwarded to the external address, exposing nearly 30,000 records of PII. A malicious Office 365 add-on was apparently installed on the victim’s machine as part of the attack.

[…]

Original article here