A phishing campaign specifically designed to steal the login credentials of those in the C-suite is in the works. It comes in the form of an email that appears as though it’s from the target’s CEO.
The email reels people in with a message related to rescheduling a board meeting. A link within then sends the user to a fake Doodle Poll page, to select a meeting time. At this point, the phishing scheme steals the person’s Microsoft Office 365 credentials.
According to ITPro, on a mobile device, the scam is even worse. “If viewed on a mobile device, the sender name is changed to ‘Note to Self’, a feature in Outlook that is activated when you email yourself something.” This could make it even more credible to the user.
With the plethora of personal data out in the wild due to data breaches, spearphishing attacks have been on the rise. In fact, according to the latest Check Point Research security report, 76 percent of organizations experienced a phishing attack in the past year. Unfortunately, all it takes is one person’s credentials to be hijacked for serious consequences to unfold.
ITPro reports that these spearphishing attacks seem to be nondiscriminating in terms of targeting victims. They hit organizations of all sizes and all industries. The emails, they say, are consistent in terms of body copy, subject line, and sender address.
Many companies regularly test their employees’ phishing awareness. Last week, Google’s parent company, Alphabet, published a phishing quiz that anyone can take. Training all staff–including and especially executives–to discern spearphishing attempts is critical. It’s not just the Prince from Nigeria that people need to watch out for. Data leaks and privacy abuses have created the potential for hackers to create detailed dossiers that lend credibility to online impersonation attempts.
Get the full story at ITPro.