With more people working from home, business email compromise (BEC) scams have been on the rise. Simply put, these scams appear to be from a CEO or other high-ranking official within a firm, but are cybercriminals trying their luck.
We bring this up because a report from ZDNet at the weekend is highly concerning.
According to the publication a cybercriminal is selling hundreds of email username and password combinations that belong to C-suite executives.
The data is reportedly for sale on an underground forum for hackers who prefer speaking Russian.
The account details range in price from $100 to $1 500 depending on the account’s role and the size of the business.
According to the ZDNet report, the details are for Office 365 and Microsoft accounts. The accounts for sale are owned by CEOs, CTOs, presidents, vice presidents, accountants, accounts payable, directors and so many more.
Speaking with an unnamed source within the cybersecurity community, ZDNet was able to obtain two samples of the data that is for sale and verified that the information was valid.
The firms ZDNet acquired information for have been notified of the compromise.
For now it’s unclear how this hacker got their hands on this treasure trove of information but there is no shortage of tools miscreants can use to hoover up information from the net.
Incidents such as this highlight the importance of two things.
The first is having good cybersecurity hygiene. That is, changing passwords regularly, using unique passwords for every website you use. You should also be aware of the websites you visit and links you click.
The second thing is using multi-factor authentication. MFA presents another hurdle for cybercriminals should they get their hands on your username and password.