I’ve responded to incidents before and the procedure was to address the immediate problem, then prevent it from happening again. When your software sends out phishing mail, the immediate problem is that people will click the link and potentially be harmed by what is behind it. So you first send out something telling people to not click the link. Then you can delete accounts etc. At least that’s how I would do it.
I’ve responded to incidents before and the procedure was to address the immediate problem, then prevent it from happening again. When your software sends out phishing mail, the immediate problem is that people will click the link and potentially be harmed by what is behind it. So you first send out something telling people to not click the link. Then you can delete accounts etc. At least that’s how I would do it.