Foster City, Calif. and London June 8, 2021 -- Agari by HelpSystems, a provider in phishing defense for the enterprise, unveiled the results of an investigation into the anatomy of compromised email accounts. The threat intelligence brief, titled Anatomy of a Compromised Account, showcases how threat actors use credential phishing sites to gather passwords, and what they do with them post-compromise.
The Agari Cyber Intelligence Division (ACID) completed a six-month investigation by seeding more than 8,000 phishing sites mimicking Microsoft Account, Microsoft Office 365, and Adobe Document Cloud login screens. After successfully submitting credentials, the team linked individual phishing attacks to specific actors and their post-compromise actions in order to better understand the lifecycle of the compromised account.
Specific stats uncovered in the extensive research include:
According to Agari, once attackers gained access to the compromised accounts, it became apparent that they wanted to identify high-value targets who have access to a company’s financial information or payment system so that they could send vendor email compromise scams more effectively. The accounts were also used for other purposes, including sending malicious emails and using the accounts to register for additional software from which to run their scams.
"Business email compromise or BEC remains the most prevalent threat in email security, and when cybercriminals gain access to legitimate email accounts, the problem is magnified," states Patrick Peterson, founder of Agari and executive strategy director at HelpSystems. "This research provides key insights into how cybercriminals use these accounts, and underscores the importance of securing your email environment against credential phishing attacks from the beginning."
In one instance, a threat actor used their compromised account to upload two financial documents to the associated OneDrive account—a rental balance sheet and wire instructions for their bank account. Based on the content of these documents, it’s likely that they were intended to be used as part of a BEC attack, presumably one impersonating the real estate investment trust and targeting the senior living community operator, trying to trick them into paying more than $200,000 in outstanding rent.
In another example, cybercriminals targeted employees at real estate or title companies in the U.S. with an email that appeared to come from an U.S.-based financial services company that offers title insurance for real estate transactions. When targets opened the email, they were encouraged to view a secure message, which sent them to a webpage mimicking the company’s actual homepage. From there, they were encouraged to view additional documents and enter their account information—leading to the compromise. This shows the self-fulfilling growth cycle where credential phishing attacks lead to compromised accounts, which lead to more credential phishing attacks and more compromised accounts, and so on.
"Without measures in place to protect against BEC and account takeover-based attacks, the problem will only continue," said Peterson. "The insight uncovered by the ACID team is a sobering reminder of the scale of the issue—compromised accounts lead to more compromised accounts, and only by preventing the first compromise can we suppress BEC at an early stage."
About MRB PR:
MRB PR is a public relations company.
Published: Wednesday, June 9, 2021
Automated Language Testing
Emmersion offers automated assessments to quickly and accurately test speaking, writing, and grammar fluency in 9 languages and counting. We help contact centers improve CSAT scores by screening for top talent and retaining top performers.
HireTrax, MainTrax's standalone pre-hire virtual interviewing solution, automatically analyzes the behavioral characteristics found in each candidate's VOICE to help you select reps better suited for the specific job at hand. After all, agents speak with your customers for hours each day so it's vital they possess the behavioral characteristics and personality traits necessary to be successful. By picking those with tendencies of empathy and positive behavioral traits, you'll have a higher caliber of candidates who will perform better on the job and stay.
|3.)||Orion Learning Services Inc.|
Assessments for Recruitment, Talent Management, Succession Planning
Looking for assessment tools to help you recruit faster, better and more accurately?
Orion Learning offers a full suite of assessment tools designed to target and report on candidate potential. Our tools are used for recruitment, talent management, succession planning and coaching/mentoring. All of the tools are delivered online and the reports are available online and will provide you with an amazing view of the candidate/individual's potential, interview questions, coaching/mentoring steps and much more.
If you're looking to find the candidate/individual with the highest potential, call Orion today!
VADS Recruitment Services
VADS Indonesia provides a recruitment process with strict selection with various requirements according to client needs. VADS Indonesia also has a database of trained candidates so that it can meet the agent needs quickly and in large numbers.
Contact Centre Behavioural Assessments
SalesMatch is an intelligent web based sales and contact centre behavioural assessment platform. It is based on the well known, tried and tested DISC psychometric theory, used by thousands of organisations round the world.
- Reduces Agent Attrition - By selecting the right agent for the role
- Increases Performance - By matching the character profile to the task
- Reduces Time Off - A well matched profile to the role reduced work
- Reduces Recruitment Costs - By early identification of the right candidates
Putting the right person in the job role has become the key focus in the drive...
|6.)||TactiCall Recruitment Services|
TactiCall Recruitment Services
Temporary / Labour Hire / Contingent and Contract Hire
Recruitment Consulting Services
Assessment Centre Design and Facilitation