Execs Are at the Highest Risk for Phishing

Those of you who have heard Ray and me talking about phishing know that we always say that a company’s phishing training program needs to specifically target executives. This is an example of why we say this.

A hacker is selling credentials to email accounts of hundreds of executives on the dark web. The accounts, they say (and some security folks have talked to the hacker and verified this in concept), belong to folks with titles like:

  • CEO
  • COO
  • CFO
  • CMO
  • CTO
  • President
  • Vice President
  • etc.

The seller’s ad looks like this:

[Image: hacker-cxos.png, the seller’s ad]

The accounts come with name, title, industry, number of employees, revenue, etc., so the buyer can filter for what is most profitable.

In this particular sale, these credentials are selling for $100 at the low end (for an assistant’s email, maybe) to $1,500 per user at the high end.

Why do they want them? These are the perfect credentials from which to execute business email compromise attacks because, with the password, you don’t have to pass through firewalls or spam filters.

The investment is well worth it. I was looking at two attacks in the mortgage industry today. One got away with $440,000 and the other around $405,000. It is pretty easy to calculate the return on investment if you can spend $1,500 to net $400,000+.

One way to slow this down is to use two-factor authentication. That way, the password alone will not compromise the account. Unfortunately, at some companies, the execs think that they are too important to have to do that, and that two-factor is too inconvenient for them. The most famous executive who railed against security was Marissa Mayer, CEO of Yahoo at the time that 3 billion accounts were compromised.

When they say that, just ask them if they are okay having to write a check for $400,000 and explain why to the company owner, Board and/or shareholders. Or explain, as so many companies have had to do, why operations were shut down for a month while recovering from a ransomware attack. They will probably understand and cooperate.

Credit: ZDNet