New ‘CEO Fraud’ Phishing Kit Scam on the Rise
2021-03-04 22:38:04 Author: perception-point.io (view original) Views: 244

The Perception Point IR Team recently uncovered a new CEO Fraud phishing kit that leverages Backblaze, a cloud-storage tool, to host fake Office 365 login pages.

Dana Roth, Digital Marketing Manager


Phishing and Business Email Compromise (BEC) have grown into an entire criminal market of their own. Phishing-as-a-Service is the part of that market in which attackers buy ready-made phishing kits instead of writing their own, so a campaign can be launched quickly by someone with no coding knowledge at all.

Three Methods of CEO Fraud

Before we dive into the aforementioned phishing kit, let’s first discuss the methods used by perpetrators of CEO Fraud.

  • Account Takeover. The attacker gains control of a real mailbox, either by brute-forcing its password or by obtaining the password through social engineering. Mail sent from that mailbox is genuine and passes every authentication check.
  • Email Address Domain Spoofing. The attacker forges the From address so that it carries the company's own domain, impersonating one of its employees. This only works where the domain's SPF, DKIM and DMARC records are missing or the recipient's gateway does not enforce them.
  • Sender Display Name Spoofing. The display name is that of a real person in the company, while the underlying address belongs to the attacker. The attacker is counting on the recipient never looking at the actual address; mobile mail clients, for example, often show only the display name.

In the following example, you can see how one attacker attempted to phish Office 365 credentials from employees of Company A. To do this, the attacker posed as the CEO of Company B, a well-known partner of Company A.

The Malicious Methodology Used


Step 1. Spoofing the CEO

  • The attacker sends an email to employees at Company A, telling them to download an important document. The message looks authentic because both the sender display name and the sender domain are spoofed to match the real CEO's details. A forged From domain survives delivery only where the spoofed company publishes no enforcing DMARC policy (p=quarantine or p=reject) or where the receiving gateway does not act on it; otherwise the message fails alignment and is quarantined or rejected before anyone sees it.
    [Figure: the spoofed email, with the spoofed CEO sender name and the spoofed company domain highlighted. The attacker creates the perfect spoof.]

Step 2. Creating Legitimacy

  • The attacker builds a lure page and hosts it on Adobe Spark, a legitimate Adobe web-publishing service. The link in the email sends the employee to that page, which offers the "important document" for download.
    [Figure: the Adobe Spark lure page, with the phishing link highlighted.]

By parking the page on a well-known brand such as Adobe Spark, the attacker borrows the host's reputation: the link passes a glance at the domain, and URL filters that trust the brand wholesale let it through.

Step 3. Designing the Phishing Login Page

  • The link on the lure page leads to a fake login page designed to look like the real Microsoft sign-in page. The attacker hosted it on Backblaze, a cloud-storage service that serves publicly shared files under a Backblaze-owned domain, so the address bar shows a genuine Backblaze hostname rather than a domain the attacker registered.
    [Figure: the phishing login page. It perfectly spoofs a Microsoft login page.]

Step 4. Obtaining the Credentials

As soon as the victim submits the form, the credentials are sent to the attacker and the Office 365 account is as good as lost. The attacker can now fall back on the Account Takeover method described above, sending further lures from a real mailbox that passes every authentication check.

How to Protect Your Organization

To combat impersonation attacks (both Email Address Domain Spoofing and Display Name Spoofing), every incoming email should be pre-screened by an anti-phishing service before it reaches the inbox. In practice that pre-screening rests on three checks: enforce SPF, DKIM and DMARC on inbound mail so that a forged From domain is quarantined rather than delivered; flag any message whose display name matches an executive or partner but whose address is not that person's known mailbox; and judge links by the page they lead to rather than by the reputation of the host, since a page on Adobe Spark or Backblaze is served by a trusted brand but written by whoever uploaded it.
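As an added illustration of the three methods listed earlier and of the pre-screening this section calls for (example code written for this page, not Perception Point's detection engine), the following Python triages one raw message for the patterns the attack above relies on: a display name that matches a known sender but arrives from another mailbox, a trusted sender domain with no SPF or DKIM pass in the gateway's own Authentication-Results header, and links that point at public hosting services. The sample messages, the known-sender table, the trusted-domain set and the host list are all constructed for the example; the article names Adobe Spark and Backblaze but not their hostnames, so those two entries are assumptions.

```python
"""Gateway-side triage for the CEO Fraud patterns discussed above.
Example code written for this page, not Perception Point's engine."""
from __future__ import annotations

import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr
from urllib.parse import urlparse

# --- Reference data: all constructed for this example (assumptions) ---
# Display name -> the one mailbox that name may legitimately send from.
KNOWN_SENDERS = {"jane doe": "jane.doe@company-b.example"}
# Our own domain plus partner domains whose mail we expect to authenticate.
TRUSTED_DOMAINS = {"company-a.example", "company-b.example"}
# Public hosting services seen carrying lure pages. Hypothetical hostnames:
# the article names Adobe Spark and Backblaze but not their domains.
PUBLIC_HOSTS = {"spark.adobe.com", "backblazeb2.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def _normalize_name(name: str) -> str:
    """Collapse whitespace and case so 'Jane  DOE' matches 'jane doe'."""
    return re.sub(r"\s+", " ", name).strip().lower()


def _auth_results(msg: Message) -> dict[str, str]:
    """Parse spf=/dkim=/dmarc= verdicts from the Authentication-Results
    headers written by our own gateway. Missing header -> empty dict."""
    verdicts: dict[str, str] = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(str(header)):
            verdicts[method.lower()] = result.lower()
    return verdicts


def _body_text(msg: Message) -> str:
    """Concatenate the text/plain parts (HTML parts are ignored here)."""
    chunks = []
    for part in msg.walk():  # yields the message itself, then any subparts
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            charset = part.get_content_charset() or "utf-8"
            chunks.append(payload.decode(charset, "replace"))
    return "\n".join(chunks)


def triage(raw: str) -> list[str]:
    """Return the findings for one raw RFC 5322 message (empty list = clean)."""
    msg = message_from_string(raw)
    findings: list[str] = []
    name, addr = parseaddr(msg.get("From", ""))
    addr = addr.lower()
    domain = addr.rpartition("@")[2]

    # Display-name spoofing: a known person's name on a foreign mailbox.
    expected = KNOWN_SENDERS.get(_normalize_name(name))
    if expected and addr != expected:
        findings.append(
            f"display-name spoofing: '{name}' sent from {addr}, expected {expected}")

    # Domain spoofing: a trusted From domain that did not authenticate.
    if domain in TRUSTED_DOMAINS:
        auth = _auth_results(msg)
        if auth.get("spf") != "pass" and auth.get("dkim") != "pass":
            findings.append(
                f"domain spoofing: From domain {domain} has no SPF/DKIM pass "
                f"({auth or 'no Authentication-Results'})")

    # Step 2 of the attack: lure links parked on a public hosting service.
    for url in URL_RE.findall(_body_text(msg)):
        host = (urlparse(url).hostname or "").lower()
        if any(host == h or host.endswith("." + h) for h in PUBLIC_HOSTS):
            findings.append(f"link on public hosting service: {url}")
    return findings


# Constructed sample 1: the article's step 1 lure. Name and domain match the
# real CEO, the gateway's own checks fail, and the link points at a lure page.
SPOOFED_DOMAIN_MAIL = """\
From: "Jane Doe" <jane.doe@company-b.example>
To: employee@company-a.example
Subject: Important document
Authentication-Results: mx.company-a.example; spf=fail smtp.mailfrom=company-b.example; dkim=none
Content-Type: text/plain; charset=utf-8

Please review the document today:
https://spark.adobe.com/page/abc123/
"""

# Constructed sample 2: the same display name on a free-mail address.
SPOOFED_NAME_MAIL = """\
From: "Jane Doe" <jane.doe.ceo@freemail.example>
To: employee@company-a.example
Subject: Quick request
Authentication-Results: mx.company-a.example; spf=pass smtp.mailfrom=freemail.example; dkim=pass header.d=freemail.example
Content-Type: text/plain; charset=utf-8

Are you at your desk? I need a favour.
"""

if __name__ == "__main__":
    for sample in (SPOOFED_DOMAIN_MAIL, SPOOFED_NAME_MAIL):
        print(triage(sample) or ["clean"])
```

Two caveats a practitioner would add. An SPF fail on its own is not proof of spoofing, because legitimate mail relayed through a mailing list or forwarder fails SPF too, so in production the domain check should be keyed on DMARC alignment of the From domain rather than on either mechanism in isolation, and the display-name check is only as good as the directory of executive and partner names it is fed. Account Takeover, the first of the three methods, is invisible to all of these checks because the mail really does come from the compromised mailbox; catching it needs a separate look at behaviour, such as new payment instructions, unusual urgency, or inbox rules the attacker created to hide replies.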


It Might Look the Same to You But Not to Our Algorithms.

Perception Point developed unique algorithms to prevent all types of impersonation techniques.

Machine-learning technology inspects all relevant data and metadata to identify any deviation from normal operations and to detect suspicious content well before it reaches the end user who might be tricked.

Learn more about our unique algorithms for fighting all types of BEC.



Source: https://perception-point.io/new-ceo-fraud-phishing-kit-scam-on-the-rise/