Account Takeover

A successful phishing attempt can result in stolen login credentials. And when your credentials are compromised, it can lead to an account takeover. With access to one of your accounts, a criminal has the opportunity to cause major headaches for you and your employer: they could steal personal information contained in the account, gain access to other accounts of yours through password reuse or through a password reset feature, and more.  A criminal could even pose as you to compromise people in your network. A cybersecurity architect shared a story of a highly effective phishing attack that led to rapid account takeover for many employees and their contacts. It’s a scam that could (and did!) fool even those that are on alert for cyber-attacks.

The Phishing Scheme

The company immediately locked down one account that was spamming out a large amount of email. More and more suspicious spamming continued from other accounts over the next few hours and the response team could see logins from all over the world. It was time to do some digging. After evaluating sign-in and sent email timestamps, the team pieced together what was happening: A bot was taking compromised credentials, logging into accounts, searching for recent email threads, and then replying with phishing links. The recipients then clicked and handed their credentials over to the bot, spreading the scam even further.

Why It Worked So Well

This scam was so productive because it met many of the criteria for a “safe” click. First, the message came from a valid email address. It also came from a trusted contact, such as a colleague, vendor or supplier, and was associated with an ongoing or recent conversation. The message associated with the phishing link was generic enough to not raise suspicion on its own. Sure, the target should have hovered over the link before clicking, or checked the URL before supplying any information, but it’s easy to see how anyone could be lulled into a false sense of security. Even the author admitted he probably would have been fooled.

Use Technology and Stay Aware

Multi-factor authentication (MFA) is a very effective way to prevent account compromise since a hacker or bot is unlikely to be able to access the code that comes via text or lives on an app on your phone. In fact, the author notes that they immediately enabled MFA on accounts that did not have it. Enable MFA if you can, before something like this happens on your network!

Finally, we must make sure our users understand that, while some phishing attacks can be fairly easy to spot, sophisticated phishing attacks do exist. Approach every online interaction with caution and always check the web address, especially for login pages. Remember that if you are trying to access a file or link from your email and then you are prompted to log in again, it should make you pause and ask, “Why am I being asked to log in again?”

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s