Executive compromise attacks don’t always have malicious links: Report

For an attacker, spear phishing is an efficient way of getting work done. Business Email Compromise (BEC) schemes (sometimes also called business executive compromise), which specifically target executives or mid-level finance officials, can be particularly useful: Get an official to click on a link, infect the target and there’s high-level access to an organization. Or, get the official to wire money to a link and rake in the cash.

To counter this, security awareness defensive techniques include training employees to watch out for suspicious links in email, text or social media messages.

But as a recent analysis of 3,000 email attacks on Barracuda Networks customers shows, not all initial messages from an attacker will have a link. Perhaps realizing that organizations are watching for suspicious communications attackers increasingly first try to establish rapport with a victim. So in the sample looked at, only 40 per cent of  messages had a link. Twelve per cent tried first to establish rapport, with messages like “Are you online now?” or “Are you available for something urgent?”. Then, often, the follow-up message has a malicious link to an infected document, a web site or a bank account controlled by the attacker.

In the sample the company looked at, just under half (46.9) per cent of attacks wanted targets to make a wire transfer to a phony person/account, 40.1 per cent wanted the target to click on a link, and 12.2 per cent wanted the victim to forward personally identifiable information (including that of other employees, such as lists of staffers and their social insurance numbers purportedly for tax purposes).

One point from this analysis is that with less than half of messages having a suspicious link it’s harder for technology (anti-virus, gateways etc.) to intercept many of these attacks. The analysis of the sample also notes that while senior officials are often targets of BEC attacks, just over half also went to others in the organization who might be influenced by a message seemingly coming from the C-suite.

Barraduca recommends that wire transfers should never go out without a confirming in-person conversation or phone call with a responsible company official.  Use additional care with phone calls if the only contact information is included in the potentially fraudulent email, the warning adds.

The sample also shows that in almost 43 per cent of the time messages pretended to come from a company’s CEO. So employees should be warned to take extra care acting on email from that account.  “If the CEO is making a request or if it is unusual to receive email from the CEO, the user should confirm the legitimacy before taking action.”

These and other techniques should be part of a regular security awareness training program.

The Barracuda analysis is in a blog that can be read here.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now