Hackers Targeting C-Suite Executives’ Personal Accounts, A New Trend
June 6th, 2023
Dear Colleagues,
Cybercriminals have recently shifted their tactics to focus on the personal lives of C-suite executives rather than targeting them through their respective businesses. Instead of trying to compromise corporate email accounts, they are now targeting personal online accounts because they are typically far less protected.
Last week, BlackCloak Cybersecurity and the Ponemon Research Institute (both recognized leaders in their respective fields) published a joint report that not only divulged this new trend but also noted that 42% of companies have experienced cybercriminal attacks on their senior-level executives.
By using breached passwords from the dark web, cybercriminals gain access to the executive’s personal email, which they then use to perpetrate financial theft, extortion, and even reverse-breaches (gaining access to corporate accounts, data, and systems through the executive’s personal accounts).
In a subsequent interview, the founder and CEO of BlackCloak said, “We’ve seen hackers carry out complex social engineering attacks on executives and their spouses to pull off hundreds of thousands of dollars in financial fraud.” He also said that hackers routinely steal tax records, divorce papers, and other legal documents, and threaten to release them on the web unless they’re paid a ransom.
Armed with this disconcerting information, ITS would like to take this opportunity to ask everyone to:
- Review and apply basic Password and Passphrase Best Practices to all of your personal accounts, and
- Never use a personal email account to conduct matters of business at LBCC (no matter how insignificant that request may seem) as fraudulent personal accounts are the primary vehicle used in Imposter Scams.
To further bolster your security posture at home, ITS would encourage you to review and implement as many of the best practices as are practicable from Home Computer and Administrative Accounts and from Working Remotely, Securely.
If you have any questions regarding this or any other previous advisory, please feel free to email the Office of Information Security.