Phishing actors are increasingly targeting non-executive employees who have access to valuable areas of a business.
According to the researchers, half of all phishing emails they examined in recent months impersonated non-executives, and 77% of those targeted employees at the same level in the organisation.
Previously, targeted phishing attacks imitated CEOs and CFOs to deceive employees.
This made sense: instructions and urgent requests that appear to come from a high-ranking employee improve the likelihood that the recipient will comply.
However, as CEOs became more alert and security teams in large corporations built additional defenses around those “important” accounts, phishing actors shifted their focus to lower-ranking individuals who can still serve as great entry points into corporate networks.
The researcher said, “Security administrators may be spending a lot of time paying special attention to the C-Suite, and hackers have adapted. At the same time, non-executives continue to have access to financial data and sensitive information. Hackers understood there was no need to climb all the way to the top of the food chain.”
An illustration of this technique is provided below, in which an employee with access to internal financial systems receives an urgent request to update the impersonated sender's direct deposit details.
<Email targeting a non-executive with access to internal financial systems>
According to the research, a common lure used in these campaigns is DocuSign, a legitimate cloud-based e-signature service.
In the emails they send, the actors present DocuSign as an alternative signing mechanism and ask the recipients to enter their email credentials in order to read and sign the document.
<Fake DocuSign phishing email>
While these emails appear to be genuine DocuSign notifications, they are not sent via the platform. Genuine DocuSign emails never ask the recipient to submit an email password; where the sender requires authentication, DocuSign emails the recipient an access code instead.
In the midst of their everyday tasks, some employees are likely to be fooled by this message, misinterpret it as a legitimate DocuSign request, and enter their email credentials, handing them over to the phishing actors.
When an email arrives in your inbox, it is critical that you take the time to examine it for signs of deception. Unsolicited attachments, spelling problems, and requests to enter your credentials are all major red flags.
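The checks above (the message does not actually come from DocuSign, its links point elsewhere, and it asks for an email password) can be automated in a mail gateway or SOC triage script. The following is an added example written for this article, not code from the original research or from DocuSign: it parses a raw RFC 822 message, compares the sender and link domains against the DocuSign domains, reads the Authentication-Results header for the DMARC verdict, and scans the body for credential-harvesting phrases. The DocuSign domains, the phrase list and the three sample messages are assumptions constructed for the example; confirm the domains against real DocuSign mail in your own logs before relying on them.

```python
import email
import re
from email import policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Domains DocuSign notifications are sent from and link to. This is an
# assumption made for the example; verify against genuine DocuSign mail.
DOCUSIGN_DOMAINS = {"docusign.net", "docusign.com"}

# Wording a genuine DocuSign notification never contains: it never asks for a
# mailbox password, it emails an access code when authentication is required.
CREDENTIAL_PHRASES = (
    "email password",
    "enter your credentials",
    "sign in with your email",
    "login with your email",
    "confirm your password",
)


def _in_domains(host, domains):
    """True if host is one of the domains or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def _addr_domain(header_value):
    """Domain part of the address in a From:/Return-Path: style header."""
    _name, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()


def _auth_result(msg, method):
    """Verdict (pass/fail/none/...) for an auth method in Authentication-Results."""
    for hdr in msg.get_all("Authentication-Results", []):
        m = re.search(r"\b%s=(\w+)" % method, hdr)
        if m:
            return m.group(1).lower()
    return "none"


def analyze(raw):
    """Return {'verdict': 'ok'|'suspicious'|'phish', 'findings': [...]}."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    display_name, _ = parseaddr(msg.get("From", ""))
    subject = (msg.get("Subject") or "").lower()
    claims_docusign = "docusign" in display_name.lower() or "docusign" in subject
    from_domain = _addr_domain(msg.get("From"))
    sender_is_docusign = _in_domains(from_domain, DOCUSIGN_DOMAINS)

    # A DocuSign-themed mail from some other domain is brand impersonation.
    if claims_docusign and not sender_is_docusign:
        findings.append("brand impersonation: DocuSign-themed mail from %r" % from_domain)

    # A From: that really is docusign.* must carry a DMARC pass, else it is spoofed.
    if sender_is_docusign and _auth_result(msg, "dmarc") != "pass":
        findings.append("From: is a DocuSign domain but DMARC did not pass")

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""

    # Every link in a real notification lands on DocuSign infrastructure.
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname
        if not _in_domains(host, DOCUSIGN_DOMAINS):
            findings.append("link to non-DocuSign host: %s" % host)

    for phrase in CREDENTIAL_PHRASES:
        if phrase in body.lower():
            findings.append("asks for credentials: %r" % phrase)
            break

    asks_creds = any(f.startswith("asks for credentials") for f in findings)
    bad_link = any(f.startswith("link to") for f in findings)
    if asks_creds or (claims_docusign and not sender_is_docusign and bad_link):
        verdict = "phish"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return {"verdict": verdict, "findings": findings}


# Constructed sample messages (not real captures); .example is a reserved TLD.
PHISH_EMAIL = """From: "DocuSign" <docusign@notify-secure-docs.example>
Return-Path: <bounce@notify-secure-docs.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=notify-secure-docs.example; dkim=none; dmarc=none
Subject: Please DocuSign: Q3 Vendor Agreement
Content-Type: text/html; charset="utf-8"

<html><body><p>You have a document to review and sign.</p>
<p><a href="https://notify-secure-docs.example/review?id=4471">REVIEW DOCUMENT</a></p>
<p>Enter your email password to read and sign the document.</p></body></html>
"""

SPOOFED_EMAIL = """From: "Alice Lee via DocuSign" <dse@docusign.net>
Return-Path: <bounce@notify-secure-docs.example>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=notify-secure-docs.example; dkim=none; dmarc=fail header.from=docusign.net
Subject: Completed: Direct Deposit Update
Content-Type: text/html; charset="utf-8"

<html><body><p><a href="https://notify-secure-docs.example/dd">REVIEW DOCUMENT</a></p>
<p>Please enter your credentials to continue.</p></body></html>
"""

LEGIT_EMAIL = """From: "Alice Lee via DocuSign" <dse@docusign.net>
Return-Path: <dse@docusign.net>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=docusign.net; dkim=pass header.d=docusign.net; dmarc=pass header.from=docusign.net
Subject: Please DocuSign: Q3 Vendor Agreement
Content-Type: text/html; charset="utf-8"

<html><body><p>Alice Lee sent you a document to review and sign.</p>
<p><a href="https://na2.docusign.net/Signing/EmailStart.aspx?a=abc">REVIEW DOCUMENT</a></p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("phish", PHISH_EMAIL), ("spoofed", SPOOFED_EMAIL), ("legit", LEGIT_EMAIL)):
        print(name, analyze(raw))
```

The DMARC check deliberately only fires when the From: domain is DocuSign's: a lookalike domain can legitimately pass SPF and DKIM for itself, so authentication results alone do not catch impersonation, which is why the sender-domain and link-domain comparisons are separate findings. Feed the function the raw message as received at the gateway, not a forwarded copy, or the Authentication-Results header will describe the wrong hop.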
DocuSign-themed phishing attacks are nothing new, and many threat actors have used the lure to steal login credentials and distribute malware. In August 2019, a DocuSign landing page campaign went a step further by attempting to trick users into entering their full credentials for a variety of email providers.
To read more, please check eScan Blog