Cybercriminals Working Hard to Take Over Email Accounts

May 16, 2018

In this first example, criminals took over the account of a finance employee. The employee most likely followed a phishing link from the attackers, which led to a fake Outlook sign-in page that prompted them to enter their credentials. Once they did, the criminals had those credentials and could use them to access the email account.

From the compromised account, the criminals then sent emails to over a dozen members of the finance team. The goal of these emails was to steal additional credentials. Here’s the message that was sent:

The message itself seems innocuous—a quick note that notifies the recipients that an invoice has been paid. However, if the other employees click on the link, they’ll be taken to a fake Office 365 sign-in page where they’ll be asked to enter their credentials. If they move forward and submit their credentials, their accounts will be taken over by the criminals as well.

On their own, stolen credentials from a reputable organization fetch a handsome sum on the dark web. They can be sold to launch additional phishing campaigns, which have a high chance of success because the messages come from a high-reputation domain.

In addition, these stolen credentials can be used to conduct spear phishing or CEO fraud attacks. In these attacks, the criminals send an email from the compromised account with the goal of tricking the recipient (usually someone in the finance department) into sending a wire transfer to a bank account controlled by the attacker.

There are many variants of emails cybercriminals use to steal credentials

In the second example, a user’s email account was again taken over; this time, however, the criminals took a different approach with the included link. They used a OneDrive share link that, when clicked, leads to a fake sign-in page used to steal credentials.

In this particular attack, the criminals logged in multiple times to the user’s account, gathered targets from the user’s address book, and sent out hundreds of emails to both employees and external contacts.

As you can see, once criminals steal user credentials, these attacks can snowball quickly. What’s really scary is that standard email security solutions won’t detect these attacks, because the messages are sent from legitimate internal accounts rather than arriving from outside the organization.
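The pattern in this second case (repeated sign-ins from unfamiliar addresses, then a burst of mail to address-book contacts inside and outside the company) is what a detection based on account activity, rather than on inbound mail filtering, would key on. The following is an added illustration, not code from the original article; the audit records, addresses, baseline IPs and thresholds are all constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events (not from the article): sign-ins and sent
# messages for two accounts, in the shape a tenant's audit log might expose.
EVENTS = [
    {"type": "signin", "user": "finance1@example.com", "ts": "2018-05-14T08:02:00", "ip": "198.51.100.7"},
    {"type": "signin", "user": "finance1@example.com", "ts": "2018-05-14T09:15:00", "ip": "203.0.113.44"},
    {"type": "signin", "user": "finance1@example.com", "ts": "2018-05-14T09:40:00", "ip": "203.0.113.91"},
    {"type": "send", "user": "finance1@example.com", "ts": "2018-05-14T09:41:00",
     "to": [f"emp{i}@example.com" for i in range(20)] + [f"vendor{i}@partner.test" for i in range(15)]},
    {"type": "send", "user": "finance1@example.com", "ts": "2018-05-14T09:42:00",
     "to": [f"emp{i}@example.com" for i in range(20, 45)]},
    {"type": "signin", "user": "hr1@example.com", "ts": "2018-05-14T08:30:00", "ip": "198.51.100.7"},
    {"type": "send", "user": "hr1@example.com", "ts": "2018-05-14T10:00:00", "to": ["emp1@example.com"]},
]

# Constructed baseline: IPs each account has historically signed in from.
KNOWN_IPS = {"finance1@example.com": {"198.51.100.7"}, "hr1@example.com": {"198.51.100.7"}}


def detect_takeover(events, known_ips, window=timedelta(hours=2),
                    recipient_threshold=50, internal_domain="example.com"):
    """Flag accounts where a sign-in from an IP outside the account's baseline
    is followed, within `window`, by mail to at least `recipient_threshold`
    distinct recipients. Returns {user: details} for each flagged account."""
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append({**e, "ts": datetime.fromisoformat(e["ts"])})

    findings = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        baseline = known_ips.get(user, set())
        for i, e in enumerate(evs):
            if e["type"] != "signin" or e["ip"] in baseline:
                continue
            # Collect every distinct recipient mailed within the window after
            # the unfamiliar sign-in; internal and external are both counted.
            recipients = set()
            for later in evs[i + 1:]:
                if later["ts"] - e["ts"] > window:
                    break
                if later["type"] == "send":
                    recipients.update(later["to"])
            external = {r for r in recipients if not r.endswith("@" + internal_domain)}
            if len(recipients) >= recipient_threshold:
                findings[user] = {"new_ip": e["ip"], "recipients": len(recipients),
                                  "external": len(external)}
                break  # one finding per account is enough to raise an alert
    return findings
```

Running `detect_takeover(EVENTS, KNOWN_IPS)` flags only `finance1@example.com`, whose unfamiliar sign-in is followed by mail to 60 distinct recipients, 15 of them external.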
