November 29, 2020
A top threat actor is selling access to hundreds of emails of C-level executives. Prices range from $100 to $1500, depending on the executive’s role and the size of the organization.
As reported by ZDNet, Passwords to email accounts for Office 365 and Microsoft Account of hundreds of high level executives are currently being sold in Exploit.in, an underground forum of Russian speaking hackers. These top executives include
- CEO – chief executive officer
- COO – chief operating officer
- CFO – chief financial officer or chief financial controller
- CMO – chief marketing officer
- CTOs – chief technology officer
- President
- Vice president
- Executive Assistant
- Finance Manager
- Accountant
- Director
- Finance Director
- Financial Controller
- Accounts Payables
These credentials can be used for monetary gain through internal communications, better known as “CEO scams”. These types of scams are in fact part of the well-known and highly popular malicious account attacks, called BEC (Business Email Compromise) attacks that have accounted for half of the losses incurred by cybercrimes in 2019. As we previously published, through BEC, an attacker can obtain access to an organization’s inner email accounts and impersonate them in order to defraud the company, its employees, customers and partners.
The easiest way for preventing hackers from monetizing stolen credentials is using a two-step verification (2SV) or two-factor authentication (2FA) for your online accounts.
Follow Us on the Facebook page for the latest news and insights on cybersecurity.
Stay Safe with TrustNet!
