Phishing the Big Fish
When fishing, you of course go for the big fish. The bigger, the better. Same goes for phishing. You go for the executives, not the rank and file, because the execs have the resources, the connections and the bigger bank accounts.
However, when fishing, you never know what you are going to get unless you are familiar with the waters you are in and what is swimming in them. The same goes for attackers, who have learned who they need to target and how to reach them. Phishing has evolved to single out high-ranking company executives, and according to Trend Micro these targeted campaigns have been on the rise since May 2020.
“…The attackers target high profile employees who may not be as technically or cybersecurity savvy, and may be more likely to be deceived into clicking on malicious links… By selectively targeting C-level employees, the attacker significantly increases the value of obtained credentials as they could lead to further access to sensitive personal and organizational information, and used in other attacks.”
Attackers use very convincing phishing emails aimed at Office 365 accounts, disguised as account expiration alerts. Executives who are unaware of the campaign and are not especially tech-savvy can easily mistake these for legitimate notices. The messages contain links that redirect the recipient to a fake login page, where the victim is asked to enter the current password, a prospective new password and other credentials, all of which go straight to the attacker.
So where do the culprits find their targets? LinkedIn is a natural starting point, since executives and other employees publish their company and contact information there. The other usual source is the dark web, where harvested databases of names and addresses can be bought.
Organizations that market themselves through social media and post contact information to drive engagement should be especially wary of phishing campaigns. When it comes to Office 365, it is best to have an internal IT security team, or an outsourced one, with whom employees can confirm through a separate, known channel whether an expiry alert or similar email is genuine before acting on any link it contains.