Connect with us

Hacker News

Phishing the Big Fish

Hacker News Malware

Emotet Malware Makes a Comeback with Fresh Attacks After Three Months of Silence

Hacker News Vulnerability

Lazarus Group Found Exploiting Zero-Day Vulnerabilities in Latest Cyber Attack

Hacker News

Chinese hackers develop new custom backdoor to evade detection

Hacker News

Hackers are exploiting vulnerabilities in containerized environments

Hacker News

Play Ransomware Group Brags About Disruptive Attack on City of Oakland

Hacker News

Chinese State-Sponsored Hacking Group APT31 Targets European Organizations

Hacker News Vulnerability

Researchers Uncover New Security Vulnerabilities in TPM 2.0 Library

Data Breaches Hacker News

Dark Web Marketplace Bidencash Leaks 2 Million Stolen Credit Cards for Free

Hacker News

White Hat Hacking Does Pay: Pwn2Own Shells Out 980,000 in Rewards

Hacker News

Phishing the Big Fish

Published

2 years ago

on

Phishing the Big Fish

When fishing, you of course go for the big fish. The bigger, the better. Same goes for phishing. You go for the executives, not the rank and file, because the execs have the resources, the connections and the bigger bank accounts.

 

However, when fishing, you never know what you’re going to get, unless you’re familiar with the waters you’re in and what’s swimming in them. The same with hackers, who have evolved to know who they need to attack and how to get to them. Phishing has now evolved in a way that targets high-ranking company executives and targeted phishing campaigns have seen a rise since May 2020 according to Trend Micro.

 

“…The attackers target high profile employees who may not be as technically or cybersecurity savvy, and may be more likely to be deceived into clicking on malicious links… By selectively targeting C-level employees, the attacker significantly increases the value of obtained credentials as they could lead to further access to sensitive personal and organizational information, and used in other attacks,”

–Trend Micro

 

Attackers use very convincing phishing emails targeted at Office 365 accounts in the guise of account expiration alerts. For execs who are unaware and are not as tech-savvy, these could easily be mistaken as valid. The messages of course contain links that redirect users to fake sites where execs can enter their current passwords as well as a prospective new one, as well as other credentials.

 

So where do the culprits get their targets from? LinkedIn is a nice place to start where execs and other employees post their company and contact information to, as well as the usual suspects from the dark web where harvested databases can be bought from.

 

Organizations who seek to market themselves through social media and wish to get engagement by posting contact information should be very wary of phishing campaigns. When it comes to Office365, it’s best to have an internal IT security team or an outsourced one with whom employees can confirm whether expiry alerts or other such emails are valid.

 

Related Topics:
Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *