Passwords for executives within companies across the globe are being sold on underground forums.
Email and password combinations for Microsoft and Office 365 accounts have been found for sale on forums at prices ranging from $100 to $1,500, depending on the user’s role and company size.
A source within the cyber security community, who had requested samples to confirm the quality of the data, confirmed its validity based on the data for two credentials that they obtained.
This obviously presents a worrying risk to companies of CEO-related fraud and business email compromise.
Google identified over 2 million phishing sites last year, with the number escalating as the pandemic continued, alongside a huge spike in malicious websites.
Another worrying trend is that some people are being cruelly targeted by cyber criminals. Criminals are using phishing emails to target individuals in companies, notifying them of their redundancy or termination of contract due to the COVID situation and providing the unsuspecting employee with links for more information, which then download malware.
Cyber criminals always have and always will prey on people’s vulnerabilities to bypass the human firewall.
Here are some top tips of what to look for in malicious emails:
- Be wary of emails notifying you of termination of contract/redundancy. If you receive one, it is probably fake, as HR departments do not usually use email to notify employees of such actions.
- Be vigilant about phishing schemes and spoofing campaigns using executives’ identities.
- Think twice before you click or say ‘I agree.’
- Don’t open any attachments or click on any links that you are not expecting.
- Pick up the phone to confirm suspicious emails, links or attachments.
It only takes one team member to fall for one of these scams and the attacker has got into your network.
Employers should give cyber security awareness training on a regular basis to add that extra level of threat defence.
In addition, we offer companies a Dark Web Scanning service. This scan searches the Dark Web for employees’ credentials that are for sale and then gives you the action you need to take to protect those compromised accounts.
If you would like more information on our Dark Web Scanning service or cyber security training for your employees, please get in touch.