The Top 5 Executive Spear-phishing Scams



We recommend you copy and paste this section and send it to your executive team, with a warning that they might be targeted with spear-phishing attacks. They need to 'Stop, Look, Think' when they get emails like this. Or, instead of cut and paste, you can send your execs this permalink:

http://blog.knowbe4.com/the-top-5-executive-spear-phishing-scams/



5) "Complaint from the Better Business Bureau". A few execs receive an official-looking complaint that a customer has supposedly filed, or, more recently, one that states: 'Your company is accused of supporting illegal business' and claims your business is involved in identity theft. The email demands a reply within 7 days and asks the recipient to click a link carrying the complaint ID. If the exec clicks, the PC is infected with malware.



4) "New Security App For Your Smartphone". The bad guys go to your website and figure out who your CFO and CEO are. They spoof an email from the CEO to the CFO and get the CFO to click on something, and the CFO's PC is now infected with a keylogger. This tells them which bank you use and that the bank's two-factor authentication relies on the CFO's mobile phone. Next, they spoof an email 'from the bank' instructing the CFO to download and install a new security app on the phone; the app is actually malware under the bad guys' control. Now they have the normal banking logon credentials and also control the two-factor text message sent to the CFO, which opens the door to all kinds of (expensive) trouble.



3) "Unfortunately, you are part of a layoff". Cybercriminals take advantage of the current economic conditions and spoof an email that supposedly comes from either the CEO or Human Resources. It states that the employee has been laid off and should click on a link to claim their severance pay. The link leads to a page that looks just like the company website and asks for first name, last name and Social Security number to verify the employee's identity and confirm they are in the queue for severance. Double whammy: the PC is infected and the employee's identity has been compromised.



2) "Free Dinner At Your Favorite Restaurant". The CEO of a company is singled out for a spear-phishing attack. The attackers do their research on social media and find that the CEO is active in an anti-cancer charity because one of the CEO's family members is a survivor. They also figure out that the CEO has a favorite restaurant about 20 miles away. They spoof an email from the charity's chief fund-raiser with an attached PDF that promises a free dinner and asks the CEO to open the PDF describing the new fundraising campaign they need feedback on. One click, and the PC is infected and the network compromised. (Hat tip to Chris Hadnagy.)



1) "We've been sued". The bad guys go to your company website, look at the 'Executive Team' page and find out who your in-house legal counsel is. Then they do a deep search on the Internet for your company's email addresses and work out the address convention (e.g. first initial followed by last name). Then they spoof your counsel's email address, attach an infected PDF that pretends to be about new or pending litigation, and send it to two or three execs. They open it and, bingo, your network is compromised.



Attacks like this happen all the time. There are still many organizations that do not have Sender Policy Framework (SPF) enabled. SPF lets receiving mail servers check whether a message claiming to come from your domain was sent by a host your domain has authorized, so having it configured correctly blocks most of the spoofing attacks in the examples above. And of course Security Awareness Training for all staff, especially the execs, is a must, as they are prime targets. Here is a link to more data on SPF:

http://en.wikipedia.org/wiki/Sender_policy_framework
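The difference between "SPF enabled" and "SPF configured correctly" is in the record's terminal qualifier. As an added example (not code from the original post), here is a minimal offline SPF evaluator for the ip4/ip6/all mechanisms, using only Python's standard library; the sample records and the 198.51.100.77 test address are constructed, and mechanisms that need DNS are reported as unsupported rather than guessed at.

```python
# Added example: minimal offline SPF evaluator (ip4, ip6, all and their
# qualifiers only). Mechanisms that need a resolver (a, mx, include,
# redirect=) return "unsupported" so a caller can defer to a full checker
# instead of getting a misleading verdict.
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
DNS_MECHANISMS = {"a", "mx", "include", "exists", "ptr"}


def evaluate_spf(record, sender_ip):
    """Return the SPF result string for sender_ip under a v=spf1 record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"                       # no usable policy published
    ip = ipaddress.ip_address(sender_ip)
    for term in terms[1:]:
        qualifier = "+"                     # default qualifier is "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, value = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]    # terminal: applies to every other host
        if mech in ("ip4", "ip6"):
            try:
                network = ipaddress.ip_network(value, strict=False)
            except ValueError:
                return "permerror"          # malformed record: no usable policy
            if ip.version == network.version and ip in network:
                return QUALIFIERS[qualifier]
            continue
        if mech in DNS_MECHANISMS or "=" in mech:
            return "unsupported"            # needs DNS; defer to a full checker
        return "permerror"                  # unknown mechanism name
    return "neutral"                        # nothing matched and no "all" term


def blocks_unknown_senders(record):
    """True only when a host the record never lists gets a hard fail.
    198.51.100.77 is a constructed test address matching no sample record."""
    return evaluate_spf(record, "198.51.100.77") == "fail"


# Constructed sample records: the first blocks spoofed mail; the others are
# "enabled" but let an unlisted sender through in some form.
STRICT_RECORD = "v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"
SOFT_RECORD = "v=spf1 ip4:192.0.2.0/24 ~all"
OPEN_RECORD = "v=spf1 +all"
NO_ALL_RECORD = "v=spf1 ip4:192.0.2.0/24"
```

Only STRICT_RECORD makes a spoofed message from an unlisted host fail outright; "~all" merely softfails it, "+all" passes everything, and a record with no "all" term leaves unknown senders neutral.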