Cybercriminals have a keen understanding of human nature. They know that strategically targeting individuals with well-crafted and well-timed phishing emails is an effective technique to compromise user accounts, initiate wire transfers, and gain unauthorized access to organizational systems. To enhance the effectiveness of their phishing campaigns, cybercriminals meticulously scrutinize company news, profile executives, understand supply chains, and study employee behavior.
Considering the level of influence C-level executives carry in their business, cybercriminals often impersonate executives when targeting employees and supply chain partners. Spoofing an executive’s email to trick the recipient into performing the cybercriminal’s request (such as wire transfer, disclose tax documents, etc.) is known as CEO fraud, a subset of Business Email Compromise (BEC) scams. This type of attack continues to increase in frequency and effectiveness.
In addition to impersonating C-level executives, cybercriminals also attempt to gain unauthorized access to executive’s accounts. C-level executives are often privy to sensitive information that is highly valued in the darkweb. As such, cybercriminals target executives using well thought out and tailored spear phishing messages to trick the executive into divulging passwords and other sensitive information. Corporate email credentials are immensely valuable to cybercriminals as they can be monetized in multiple ways, including BEC scams.
According to Beenu Arora, Founder and CEO at Cyble, “Senior management and c-level executives are twice as prone to ‘whaling attacks.’ When compared with phishing attacks, these are more challenging to identify due to their highly personalized nature. Targeting the C-suite can be extremely rewarding for a cybercriminal because the ROI is sizeable.”
C-level executives should remain vigilant in identifying phishing attempts, and organizations should implement processes to rapidly identify when executive credentials and personal information are leaked in cybercrime forums. Email and password combinations generally sell for $50 to $2,000 on cybercrime forums. Leaked employee credentials generate significant profit for cybercriminals, with compromised accounts of C-level executives bringing in top-dollar.
“If attackers get access to valid credentials, there is no end to the damage that they can inflict. Accessing internal databases, exfiltrating confidential data, and launching social-engineering attacks are just some of the ways in which threat actors exploit compromised credentials,” says Manish Chachada, Chief Operating Officer at Cyble.
Organizations should consider taking a multi-layered approach to managing the risk of Business Email Compromise (BEC) scams. User awareness training and phishing simulation exercises help lower risks associated with phishing and data breaches. Proper password hygiene and multifactor authentication reduce the damage of credential leaks over time. Proactive monitoring of the darkweb for leaked credentials and personally identifiable information of executives is another key control. Timely identification, analysis, and mitigation of the leak enable organizations to rapidly manage the situation, helping to protect the organization& security and reputation and impacted executives.
