Don’t want to watch a video? Here’s a summary. Please note, this is not an exact transcript.
We’re talking about a multi-step attack targeting businesses in every industry. This attack can cost you thousands of dollars (we've seen companies lose $100,000+!). We’re a Microsoft partner and have specifically seen this with Office 365 users, but it’s happening with users for all kinds of Cloud accounts, including Office 365, Google for Work, DropBox, etc.
The first step the hackers take is to research your company. They look at things like your website about pages and LinkedIn to figure out who the high-value targets are. This could be a CXO or could be someone lower down in a role that has access to money—accounts receivable folks are a huge mark right now.
Then, they execute the first part of the attack. This is usually a phishing email with the purpose of stealing login credentials. According to Microsoft, the see nearly 200,000,000 of these style of phishing emails per month.
Once they’re in the account, they do more research. They learn what’s normal inside your business and who else can they target to get the biggest return. Who are key internal players? Who are key customers?
They’ll also hide their tracks. They’ll set up things like rules in emails to forward emails to an external account so that even if you change your password, they’re still getting your email.
Then they wait. Cybercriminals will sit in your system, sometimes for months before they actually do anything. They’re waiting for the right time to strike—they’re usually looking for some sort of transaction they can insert themselves into. Sometimes they will make up a scenario, using your account.
Once the time is right, they act. Back to our accounts receivable example—they’ll pretend to be that person and tell your customers that they need to pay their bill using a new ACH or credit card link. Now you AND your customers are out money.
So, what can you do? If you’re a PTG customer, we offer a security package that helps protect against this kind of attack. It significantly reduces the number of phishing emails getting into your environment and helps prevent attackers from getting in, even if they get your password. If you’re interested, please reach out to your customer success manager to learn more.