Sophisticated New Phishing Campaign Targets the C-Suite (Feb 5, 2019)
A new phishing campaign attempting to steal login credentials has been observed to be specifically targeting C-levels and executives in organisations, according to researchers from GreatHorn. The phishing emails appeared as requests to reschedule a meeting and provides a URL link to a page that looks similar to a "Doodle" poll site to then rearrange for a suitable time. The webpage is a phishing site designed to steal Office 365 credentials. Interestingly, if the phishing email is viewed on a mobile device, the sender of the email is changed to "Note to Self" which is a new feature in Microsoft Outlook that activates when a person emails their self something. Because of this, the likelihood of the user falling victim to the attempt increases. Depending on the email client used, the phishing email could be filtered and put into the "Spam" folder, though this does not inhibit users from continuing to interact with the email.
Recommendation: Spear phishing emails represent a significant security risk because the sending email will often appear legitimate to the target; sometimes a target company email is compromised and used for such emails. Education is the best defence. Inform your employees on what to expect for information requests from their managers and colleagues. Employees should also be aware of whom to contact when they suspect they are the target of a possible spear phishing attack.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.