Phishing Hole: Execs Names Pilfered

Tuesday, April 9, 2013 @ 03:04 PM gHale

Business contact details of executives from Forbes 100 companies are now available via a new online black market that would allow cyber criminals to create credible phishing attacks.

There is an ongoing campaign focused on Microsoft Access files containing the contact information of executives at a number of prominent firms, said researchers at security firm Webroot.

Malware Attacks Hit Constantly
Spear Phishing: Energy Sector Targeted
Malware Hits Apache Servers
Spear Phishing Takes it Up a Notch

“[We spotted an] underground market advertisement, which basically offers a Microsoft Access file of data belonging to executives within major companies […] obtained primarily through valid business cards,” said Webroot’s Dancho Danchev.

“The inventory consists of 508 contacts of foreign companies based in Russia, and 380 contacts belonging to other companies,” Danchev said.

The marketplace has data from companies like Coca Cola, Credit Suisse, Mercedez-Benz, Bloomberg and Carlsberg for sale.

Webroot said attackers could use the data could to create sophisticated phishing scams. Phishing messages are emails or texts designed to entice the user into downloading an infected attachment or clicking on a weblink that re-directs them to a malware download page.

Danchev said with the information on offer, criminals would be able to create much more enticing messages, increasing the number of victims falling for the scam.

Phishing scams have become an increasing problem for businesses. Prior to the discovery of the new marketplace selling business cards, numerous security vendors have listed phishing as one of cyber criminals most-used attack strategies.

In a new report, FireEye listed spear phishing as the most common attack targeting industry, claiming it on average detects at least one attempt on a company’s network every three minutes.

Leave a Reply

You must be logged in to post a comment.