Hackers are deep in the spirit of exploiting the holidays for financial gain, which is why it’s unsurprising that yet another new type of spear phishing attack has emerged, in which attackers are posing as CEOs to trick office managers, executive assistants and receptionists into sending them gift cards, according to email security researchers at Barracuda Networks.
Since early October, the researchers have reportedly seen an uptick in these types of attacks. Unlike other phishing campaigns that include attachments, these emails do not have malicious links or files included. What also seems to be working effectively is that they are often sent from trusted email domains.
As a result, traditional email filters often do not recognize them as threats. Additionally, the attackers capitalize on the urgency of the holidays and poses the request as a company surprise to discourage the victim from confirming the legitimacy of the request.
Using the social engineering tactics of CEO impersonation, requests for secrecy, researching relevant details and implied urgency, the attackers are specifically and intentionally exploiting people’s good cheer during the holidays.
No tags.
