Selected work · Anonymized · Portfolio entry
Business email compromise response
Incident response for business email compromise—containment, forensics, and controls to prevent repeat wire fraud.
Context
Organizations that detected suspicious inbox rules, forwarded invoices, or wire-change requests.
Problem
Attackers had mailbox access or impersonation paths. Finance needed to know what was touched; IT needed containment without shutting down the business.
What we advised and built
Contained affected accounts, reviewed mail flow and rules, reset credentials with MFA enforcement, and documented wire-change verification steps for finance.
Outcome
Containment with a clear timeline for leadership and insurers. Hardened identity and payment verification habits—not just password resets.

