C-Level Executives — High-Value Targets of Cybercriminals

January 22, 2021 · 3 min read

Cybercriminals have a keen understanding of human nature. They know that strategically targeting individuals with well-crafted and well-timed phishing emails is an effective technique to compromise user accounts, initiate wire transfers, and gain unauthorized access to organizational systems. To enhance the effectiveness of their phishing campaigns, cybercriminals meticulously scrutinize company news, profile executives, understand supply chains, and study employee behavior.

Considering the level of influence C-level executives carry in their business, cybercriminals often impersonate executives when targeting employees and supply chain partners. Spoofing an executive’s email to trick the recipient into carrying out the cybercriminal’s request (such as making a wire transfer or disclosing tax documents) is known as CEO fraud, a subset of Business Email Compromise (BEC) scams. This type of attack continues to increase in frequency and effectiveness.

In addition to impersonating C-level executives, cybercriminals also attempt to gain unauthorized access to executives’ accounts. C-level executives are often privy to sensitive information that is highly valued on the darkweb. As such, cybercriminals target executives using well-thought-out, tailored spear phishing messages to trick the executive into divulging passwords and other sensitive information. Corporate email credentials are immensely valuable to cybercriminals as they can be monetized in multiple ways, including BEC scams.

According to Beenu Arora, Founder and CEO at Cyble, “Senior management and c-level executives are twice as prone to ‘whaling attacks.’ When compared with phishing attacks, these are more challenging to identify due to their highly personalized nature. Targeting the C-suite can be extremely rewarding for a cybercriminal because the ROI is sizeable.”

C-level executives should remain vigilant in identifying phishing attempts, and organizations should implement processes to rapidly identify when executive credentials and personal information are leaked in cybercrime forums. Email and password combinations generally sell for $50 to $2,000 on cybercrime forums. Leaked employee credentials generate significant profit for cybercriminals, with compromised accounts of C-level executives bringing in top dollar.

“If attackers get access to valid credentials, there is no end to the damage that they can inflict. Accessing internal databases, exfiltrating confidential data, and launching social-engineering attacks are just some of the ways in which threat actors exploit compromised credentials,” says Manish Chachada, Chief Operating Officer at Cyble.

Organizations should consider taking a multi-layered approach to managing the risk of Business Email Compromise (BEC) scams. User awareness training and phishing simulation exercises help lower risks associated with phishing and data breaches. Proper password hygiene and multifactor authentication reduce the damage of credential leaks over time. Proactive monitoring of the darkweb for leaked credentials and personally identifiable information of executives is another key control. Timely identification, analysis, and mitigation of a leak enable organizations to rapidly manage the situation, helping to protect the impacted executives as well as the organization’s security and reputation.

About Cyble

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit https://cyble.com
