I’ve responded to incidents before and the procedure was to address the immediate problem, then prevent it from happening again. When your software sends out phishing mail, the immediate problem is that people will click the link and potentially be harmed by what is behind it. So you first send out something telling people to not click the link. Then you can delete accounts etc. At least that’s how I would do it.
Hey Richard—this is as immediate as it gets (i.e, it was sent once we’d removed the accounts, deleted their messages etc...)
Glad to hear not everyone was affected!
I’ve responded to incidents before and the procedure was to address the immediate problem, then prevent it from happening again. When your software sends out phishing mail, the immediate problem is that people will click the link and potentially be harmed by what is behind it. So you first send out something telling people to not click the link. Then you can delete accounts etc. At least that’s how I would do it.