A new phishing campaign first seen in May of 2020 targets high-level executives in multiple private sector industries including manufacturing, real estate, finance, and government. The fake email notifies the C-level employees that their Office 365 password has expired and provides a link that supposedly allows them to reset it. The malicious link redirects them to a phishing page that steals the employee’s credentials. Binary Defense analysts often come across compiled lists of email addresses of company executives on the Dark Web; the email addresses are usually taken from sites such as LinkedIn.
These targeted attacks show that any member of any company can be the victim of a phishing campaign. It is important that all employees at every level are trained and educated on current phishing scams and tactics. Identifying suspicious URLs or email addresses, or knowing when an attachment may be malicious, can prevent an attack brought on by a phishing email. Spelling and grammar errors are also common in phishing scams, as are suspicious links and mismatched domain names. If an email claims to be from a reputable company but was sent from a different domain, it is likely a scam. Multi-factor authentication also provides a strong barrier against phishing attacks because it requires an extra step for cybercriminals to overcome in order to conduct a successful attack.

Companies should also utilize a service such as Binary Defense’s Managed Detection and Response service to monitor endpoints for any abnormal activity and identify attacks early, before they can cause damage. The Binary Defense Counterintelligence team conducts deep-dive investigations for specific employees to ensure their information has not been compromised on the Dark Web, and can continuously monitor Dark Web markets and forums on behalf of our clients to alert them any time company or employee information appears, so that the company can take proactive defensive steps to prevent damage and financial loss.
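The mismatched sender domain and mismatched link checks described above can be automated at the mail gateway or in a triage script. The following is an added example, not code from Binary Defense; the brand allow-list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: brand keywords mapped to sender domains this organization accepts.
BRAND_DOMAINS = {
    "office 365": {"microsoft.com", "office.com", "microsoftonline.com"},
    "microsoft": {"microsoft.com", "office.com", "microsoftonline.com"},
}
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
HOST_RE = re.compile(r"\b([a-z0-9-]+(?:\.[a-z0-9-]+)+)\b", re.I)


def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def phishing_indicators(raw):
    """Return findings for brand/sender and link-text/link-target mismatches."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    claimed = (display + " " + msg.get("Subject", "")).lower()
    # Concatenate all leaf parts, undoing any base64/quoted-printable encoding.
    body = "".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    findings = []
    for brand, domains in BRAND_DOMAINS.items():
        if brand in claimed and not under(sender_domain, domains):
            findings.append(f"claims '{brand}' but sent from {sender_domain}")
    for href, text in LINK_RE.findall(body):
        host = urlparse(href).hostname or ""
        shown = HOST_RE.search(text)  # a hostname displayed to the reader, if any
        if shown and not under(host, {shown.group(1).lower()}):
            findings.append(f"link text shows {shown.group(1)} but goes to {host}")
    return findings


# Constructed sample modelled on the password-expiry lure; not a captured message.
SAMPLE = (
    'From: "Office 365 Support" <noreply@mail-notify.example>\n'
    "Subject: Your password has expired\n"
    "Content-Type: text/html\n\n"
    '<p>Reset it here: <a href="https://login.reset-portal.example/o365">'
    "https://portal.office.com/reset</a></p>\n"
)
```

These are heuristics for triage: a lure sent from a compromised legitimate account, or a link whose text shows no hostname, passes both checks, which is why the training and multi-factor authentication above still matter.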