A new phishing campaign that steals login credentials is targeting businesses, specifically the C-suite. Researchers at GreatHorn first discovered the campaign, which targets senior executives with emails claiming to come from the company’s CEO. The fake email concerns the rescheduling of a board meeting. Users who follow the link in the email are greeted with a page that mimics a Doodle poll for rearranging the board meeting, but which actually steals their Office 365 credentials.
Called to a meeting with the CEO? Don't be so sure. @ZDNet's @dannyjpalmer reports on a new password-stealing #phishing attack our research team discovered. https://t.co/fi45FbnK9Q
— GreatHorn Inc. (@greathorn) February 4, 2019
Tim Sadler, Co-founder and CEO at Tessian:
“Business email compromise (BEC) campaigns, like any impersonation email attack, seek to defraud an organisation of money or sensitive information by spoofing a trusted individual’s identity. They redirect targets to a seemingly secure application like Microsoft 365.
As this attack highlights, high profile and C-level employees of financial institutions are becoming increasingly popular targets of BEC scams because they have access to lucrative data and have the power to authorise high-value money transfers. Last year’s Pathé incident, in which 19 million euros was stolen after the company’s CFO was duped by a BEC email scam, is a prime example of how effective, and costly, attacks can be.
It is clear that no employee, regardless of seniority, is safe from the threat of spear-phishing. As long as email networks remain open and unprotected, clever attackers can effectively masquerade as an employee or trusted partner. With access to global contact lists and a deftness for strong-form impersonation methods, many hacker groups have the resources and know-how to extract valuable data and money at a great scale.”