How much value could be contained within the Microsoft account of a senior executive? How much responsibility, how much information and how much value could be hidden in the files and emails of a manager / executive officer? Behind these questions lies the "business" that a cracker is trying to set up by selling the credentials of people who occupy high leadership positions in companies: these are Microsoft 365 accounts, stolen in no one knows what way, but including name and password to have undue access to files, emails, calendars and so on.
Scams of this caliber are increasingly widespread, forcing companies to have increasingly tight internal protocols for the passage of commands and information in normal internal workflows. Perimeter defense is obviously no longer enough, but clearer policies are needed to ensure that the loss of credentials (whatever the reason: cyber attacks, vulnerability of external services or phishing) does not put the company at risk precisely because the passage is through figures with high powers within the working group.
ZDNet was able to confirm the validity of the information contained in this database, thus proving the danger of this type of sale. Companies are warned: risks can also come from above.
Source: ZDNet
CEO Scam
Presidents, CEOs, COOs, CFOs, CMOs, CTOs, executive assistants and much more again: the shopping list is extensive, with prices ranging from 100 to 1500 dollars each. Price that is not only a cost, but above all an investment that any scammers could make their own: having the credentials of a manager can also mean the ability to send emails that issue sales or purchase orders, moving money and quickly transforming a few dollars into millions.Scams of this caliber are increasingly widespread, forcing companies to have increasingly tight internal protocols for the passage of commands and information in normal internal workflows. Perimeter defense is obviously no longer enough, but clearer policies are needed to ensure that the loss of credentials (whatever the reason: cyber attacks, vulnerability of external services or phishing) does not put the company at risk precisely because the passage is through figures with high powers within the working group.
ZDNet was able to confirm the validity of the information contained in this database, thus proving the danger of this type of sale. Companies are warned: risks can also come from above.
Source: ZDNet