As cyberactors increase their use of social engineering, they have successfully taken over user accounts and sent emails containing fake links to those users' contacts in order to steal organizational credentials, according to new research.

Campbell, Calif.-based Barracuda Sentinel released details and examples of recent impersonation-based email account takeovers and how credit unions and other organizations can prevent them.

Often, the end goal of this credential theft is to phish a member of the finance department, or people working at organizations handling money, then trick them into approving a wire transfer or coughing up personal information. With the proper email security and user training measures in place, employees can decrease their risk and help shore up their business' defenses.

Cybercriminals count on people's inclination to open and act on an email from a colleague, friend or other known sender rather than from a stranger. The Barracuda Sentinel team dissected a couple of real account takeover attacks. Here is what they found:

Cybercriminals take over user accounts and send fake emails to the users' colleagues and contacts. The emails sent contain fake links, including a fake OneDrive share link used to steal credentials and take over more accounts.

In the first example, criminals took over an account of a finance employee. “The employee most likely followed a phishing link from the attackers, which prompted them to enter their credentials into a fake Outlook sign-in page,” the research noted. Once they did that, the criminals had their credentials, and could use them to access the email account. The criminals then sent out emails to over a dozen members of the finance team from the compromised account. The goal of the compromised emails was to steal additional credentials.

The message itself seems like an innocuous paid invoice notification. However, if the other employees click on the link, they move to a fake Office 365 sign-in page where they receive a request to enter their credentials. If they fall for the bait and submit their authorizations, the takeover of their accounts begins.

“On their own, stolen credentials of a reputable organization are worth a handsome sum in the dark web,” the researchers relayed.

In addition, hackers can use the stolen credentials to conduct spear phishing or CEO fraud attacks. In these attacks, the hackers send an email from the compromised account with the goal of tricking the recipient (usually someone in the finance department) into sending a wire transfer to a financial account the attacker controls.

As in the first example, hackers took over a user's email account with a OneDrive share link that, when clicked, led to a fake sign-in page used to steal credentials. In this attack, the criminals logged in to the user's account multiple times, gathered targets from the user's address book, and sent out hundreds of emails to both employees and external contacts.

Once criminals steal user credentials, these attacks can snowball quickly. “And what's really scary, is that standard email security solutions won't detect these types of attacks because they originate from internal emails,” the researchers explained.
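As an added illustration of the detection gap described above (example code, not Barracuda's product or anything from the research), the Python below treats internal senders as untrusted when a message pairs OneDrive/invoice wording with a link to a host outside an allowlist, and cross-checks that against a burst of distinct recipients from one account, the fan-out pattern seen in both attacks. The internal domain, allowlist, burst threshold and mail records are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Assumed allowlist of hosts that legitimately serve Microsoft share/sign-in links.
TRUSTED_LINK_HOSTS = {"onedrive.live.com", "sharepoint.com", "login.microsoftonline.com"}
# Wording the lures in the article used while the link pointed elsewhere.
LURE_WORDS = re.compile(r"onedrive|office ?365|invoice|sign.?in", re.I)
INTERNAL_DOMAIN = "example.org"   # constructed internal domain
RECIPIENT_BURST = 5               # assumed: distinct recipients per sender above which we alert

def host_is_trusted(url):
    """Exact or subdomain match only; 'login.microsoftonline.com.evil.example' fails."""
    host = urlparse(url).hostname or ""
    return any(host == h or host.endswith("." + h) for h in TRUSTED_LINK_HOSTS)

def flag_message(msg):
    """Reasons an internally-originated message looks like an account-takeover lure."""
    reasons = []
    if msg["from"].split("@")[-1] != INTERNAL_DOMAIN:
        return reasons            # external mail is left to the normal gateway checks
    text = msg["subject"] + " " + msg["body"]
    for url in msg["links"]:
        if not host_is_trusted(url) and LURE_WORDS.search(text):
            reasons.append(f"lure wording with untrusted link host {urlparse(url).hostname}")
    return reasons

def find_mass_senders(messages, burst=RECIPIENT_BURST):
    """Accounts that fan out to an unusual number of distinct recipients."""
    seen = defaultdict(set)
    for m in messages:
        seen[m["from"]].update(m["to"])
    return {sender for sender, rcpts in seen.items() if len(rcpts) > burst}

def triage(messages):
    """Senders that both carry a lure and show the address-book fan-out."""
    lures = {m["from"] for m in messages if flag_message(m)}
    return sorted(lures & find_mass_senders(messages))

# Constructed sample outbound mail records, not data from the research.
SAMPLE = [
    {"from": "ap.clerk@example.org", "to": [f"fin{i}@example.org" for i in range(12)],
     "subject": "Paid invoice notification", "body": "View the invoice on OneDrive",
     "links": ["https://docs-share-portal.example.net/onedrive/login"]},
    {"from": "ap.clerk@example.org", "to": ["cfo@example.org"],
     "subject": "Q3 file", "body": "Shared via OneDrive",
     "links": ["https://contoso-my.sharepoint.com/personal/file"]},
    {"from": "it.help@example.org", "to": ["staff@example.org"],
     "subject": "Maintenance", "body": "No action needed", "links": []},
]
```

Running `triage(SAMPLE)` returns only the compromised clerk account; the genuine SharePoint share from the same sender is not flagged on its own.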

So, how can users stay out of harm's way? Two measures: real-time spear phishing and cyber fraud defense, and user training and awareness. Barracuda Sentinel said it can automatically prevent email account takeover by using artificial intelligence to learn an organization's communications history and block future spear-phishing attacks. The firm said it also provides comprehensive user training and testing, as well as phishing simulation for email, voicemail and SMS, along with other tools to train users to identify cyberattacks.


© 2024 ALM Global, LLC, All Rights Reserved.

Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. Also: writer/editor of a semi-annual newsletter for the Association for Financial Technology since 1997, and history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).