Following the news that a phishing campaign is targeting executives across a number of industries with messages asking to reschedule a board meeting in an effort to steal logins and passwords, Corin Imain, Senior Security Advisor at DomainTools, provides insight on this increasingly popular type of attack.
Corin Imain, Senior Security Advisor at DomainTools:
“Spear phishing attacks tend to be more targeted, sophisticated and harder to detect than regular phishing campaigns. Just one employee clicking on a malicious link can create an entry point for cybercriminals to gain access to the entirety of an organisation’s network. For this reason, it is essential to educate the workforce about the risks of opening emails from an unrecognised sender and about the best practices to spot a fake email from a genuine one. This is not always possible or effective though, as fake emails become more and more sophisticated.
It is not surprising that the criminals behind this attack chose to redirect employees to a fake Microsoft 365 landing page: Microsoft remains the most impersonated brand by phishers because of its recognisability and popularity. Neither is it surprising that the emails arrived from senior officials within the companies, which is a common practice in BEC attacks: employees want to perform well at work and would recognise their boss’s name as a trusted sender.
While involving employees in cybersecurity best-practice training courses can certainly help to reduce the risks posed by phishing attacks, organisations should also consider more proactive methods to spot malicious domains before they strike, and should invest in an efficient, regularly updated email filtering system. We are unlikely to witness a decrease in this kind of attack as long as they continue to be effective: there needs to be a conscious, collective effort to minimise their success in order to make them go out of fashion.”
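The two detection ideas in the statement above, spotting lookalike domains before they are used and catching an executive's display name on an address outside the company, can be turned into a simple mail-filter check. The following is an added example written for this page; it is not code from the article or from DomainTools. The organisation domain, executive names and brand list are constructed sample values, the registrable-domain logic is a deliberate simplification (a real filter would use the public suffix list), and the homoglyph table covers only a few common substitutions.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed sample configuration (assumptions for this example):
# the organisation's own domain, executives whose names are commonly
# spoofed, and brands frequently impersonated on credential-phishing pages.
ORG_DOMAIN = "example-corp.com"
EXECUTIVES = {"Jane Doe", "John Smith"}
TRUSTED_BRANDS = {"microsoft.com", "office.com", "microsoftonline.com"}
PROTECTED_DOMAINS = TRUSTED_BRANDS | {ORG_DOMAIN}

# Characters and digraphs attackers swap in to imitate a brand name.
_DIGIT_MAP = str.maketrans("01357", "olest")


def normalize(label: str) -> str:
    """Fold common look-alike substitutions so 'rnicros0ft' compares as 'microsoft'."""
    label = label.lower().replace("rn", "m").replace("vv", "w")
    return label.translate(_DIGIT_MAP)


def registrable(domain: str) -> str:
    """Simplified registrable domain: last two labels (no public suffix list)."""
    parts = domain.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else parts[0]


def lookalike_brand(domain: str):
    """Return the protected domain that `domain` imitates, or None.

    A domain is a lookalike when its normalised second-level label equals,
    contains, or closely resembles a protected label while not actually
    being that protected domain (subdomains of the real domain pass).
    """
    if not domain:
        return None
    reg = registrable(domain)
    if reg in PROTECTED_DOMAINS:
        return None
    label = normalize(reg.split(".")[0])
    for protected in sorted(PROTECTED_DOMAINS):
        plabel = protected.split(".")[0]
        if (label == plabel or plabel in label
                or SequenceMatcher(None, label, plabel).ratio() >= 0.85):
            return protected
    return None


def check_message(from_header: str, link_domains=()) -> list:
    """Score one message: returns a list of human-readable findings (empty = clean)."""
    findings = []
    display, addr = parseaddr(from_header)
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

    # 1. An executive's display name on a non-company address is the classic
    #    BEC pattern the statement describes ("their boss's name as a trusted sender").
    if display.strip() in EXECUTIVES and registrable(sender_domain) != ORG_DOMAIN:
        findings.append(
            f"executive display name '{display.strip()}' on external domain '{sender_domain}'")

    # 2. The sending domain itself imitates the company or a trusted brand.
    brand = lookalike_brand(sender_domain)
    if brand:
        findings.append(f"sender domain '{sender_domain}' imitates '{brand}'")

    # 3. Linked landing pages that imitate a brand (the fake Microsoft 365 page).
    for link in link_domains:
        brand = lookalike_brand(link)
        if brand:
            findings.append(f"link domain '{link}' imitates '{brand}'")
    return findings


if __name__ == "__main__":
    # Constructed sample messages: one genuine, one mimicking the described campaign.
    print(check_message('"Jane Doe" <jane.doe@example-corp.com>',
                        ["login.microsoftonline.com"]))
    print(check_message('"Jane Doe" <jane.doe@gmail.com>',
                        ["micros0ft-login.com"]))
```

A filter built on this pattern is best tuned on the organisation's own mail flow: the similarity threshold, the homoglyph table and the executive list all need local adjustment, and a hit should route the message for review rather than silently discard it.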