Phishing Attacks Disguised as an Email From the Boss

Getting an email from the boss isn’t always a good thing, but in this case, it could be even worse. A widespread phishing campaign has been discovered that is targeting executives at many companies. The campaign uses fake messages from bosses to try and obtain usernames and passwords.

Discovery of the Campaign

Researchers at the security firm GreatHorn discovered the messages that use spoof names and email addresses of company CEOs. The emails use the company name and a note about a meeting to gain the user’s attention.

Because these messages appear to come from the boss, workers are more likely to fall for the scam.

How the Phishing Works

The email is simple, it tells the employee that a meeting has been cancelled and that they need to choose a new date. When users click on the link to reschedule they are taken to what appears to be a page for Microsoft Outlook and Office 365.

However, the page is part of a phishing site and any information entered into it will be gathered by the hackers. Viewing the message on a mobile device shows a slightly different message, but the effect is the same.

High-Level Targets

This particular phishing email attack is targeting high-level executives like CFOs, CTOs, and SVPs. Obtaining usernames and passwords of such high-level people means the attackers can get access to sensitive company information.

It is also possible that these attacks can be used to target others in further malicious campaigns.

Prolific Attacks

GreatHorn states that this type of fake meeting attack is becoming more prolific. It found one in seven of its customers were being targeted by the scam. In all of these cases, the attackers were stopped before damage could be done.

It is thought, however, that the phishing URL is still active, and the campaign is still running.

It is advised that executives are suspicious of emails that contain a subject line similar to the following:

[Company Name] February in-person Board Mtg scheduling (2/24/19 update)

 

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil