Targeted Phishing Threatens High-Ranking Business Executives
An emerging phishing campaign, detected since at least May 2020, has been targeting high-ranking executives across the manufacturing, real estate, banking, government and technology industries with the intention of acquiring confidential information.
The campaign is based on a social engineering trick that entails sending prospective victims emails containing bogus Office 365 password expiration notices as lures. The messages also provide an embedded link to keep the same password that, when clicked, redirects users to a credential-harvesting phishing page.
Trend Micro researchers said that the attackers target high-profile employees who may not be as technically or cybersecurity savvy and may be more likely to be fooled into clicking on malicious links.
According to the researchers, the majority of targeted email addresses were obtained from LinkedIn, though they acknowledged that attackers may have bought such target lists from marketing platforms that provide CEO/CFO email and social media profile information.
The Office 365 phishing package, now in its fourth version (V4), is said to have been launched initially in July 2019, with new functionality introduced to detect bot scanning or crawling attempts and to serve alternate content when bots are identified. Interestingly, the suspected malware creator announced V4’s availability on their “business” Facebook page in mid-2020.
In addition to marketing the phishing package, the actor has also been found to bundle the accounts of CEOs, Chief Financial Officers (CFOs), finance department employees, and other high-profile executives on social media sites.
What’s more, Trend Micro’s investigation discovered a potential connection to an underground web user who was caught selling a credential harvester tool as well as stolen C-level account credentials for anywhere from $250 to $500, echoing previous reports from late last year.
The researchers discovered at least eight compromised phishing sites hosting the V4 phishing package and raised the likelihood that various actors will use them for a wide variety of phishing operations aimed at CEOs, presidents, board members and entrepreneurs of companies based in the U.S., the U.K., Canada, Hungary, the Netherlands and Israel.
“While organizations are aware and wary of the information they include in public-facing websites and platforms, their respective employees should be constantly reminded to be mindful of the details they disclose on personal pages,” the researchers concluded. “These can be easily used against them for attacks using social engineering techniques.”