Skip to main content
  1. Home
  2. Computing
  3. News

Hackers attacking corporate executive targets with personalized phishing emails

By

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
Security firm Proofpoint reports that a “financially motivated threat actor” it calls TA530 is currently targeting company executives and additional high-level employees in an unusually personalized spear phishing campaign. It’s targeting individuals with high-ranking roles such as chief financial officer and senior vice president using emails containing their specific names, job titles, phone numbers, and more within the email body.

A spear phishing campaign doesn’t send out emails to a general audience hoping to reel in a few victims, but typically focuses on a specific organization in order to hook individuals into giving up confidential information such as military data or trade secrets. The emails appear to derive from a trusted source, and contain a link to a fake malware-infested Web page or a file that downloads malicious software.

Recommended Videos

Proofpoint says the information used by TA530 can be gathered from public sites like the company’s own website, LinkedIn, and so on. It’s targeting up to tens of thousands of individuals located in organizations based in the United States, the United Kingdom, and Australia. The attacks are even larger than other spear phishing campaigns, but have yet to approach the magnitude of Dridex and Locky.

TA530 is mostly targeting financial services, followed by organizations in retail, manufacturing, health care, education, and business services. Technology-focused organizations are also affected along with insurance companies, utility services, and companies involved in entertainment and media. Transportation is the lowest on the list of targets.

TA530 carries a number of playloads in its arsenal, including a banking Trojan, a Point of Sale reconnaissance Trojan, a downloader, file-encrypting ransomware, a banking Trojan botnet, and more. For instance, the Point of Sale reconnaissance Trojan is mostly used in a campaign against retail and hospitality companies, and financial services. The banking Trojan is configured to attack banks located throughout Australia.

In a sample email provided in the report, Proofpoint shows that TA530 is attempting to infect the manager of a retail company. This email includes the target’s name, the company name, and the phone number. The message requests that the manager fill out a report regarding an incident that took place at one of the actual retail locations. The manager is to open the document, and if macros are enabled, it will infect his computer by downloading the Point of Sale Trojan.

In the few cases presented by Proofpoint, the targeted individuals receive an infected document although the security firm states that these emails can also contain malicious links and attached JavaScript downloaders. The company has also seen a few emails in the TA530-based campaigns that were not personalized, but still carried the same consequences.

“Based on what we have seen in these examples from TA530, we expect this actor to continue to use personalization and to diversify payloads and delivery methods,” the firm states. “The diversity and nature of the payloads suggest that TA530 is delivering payloads on behalf of other actors. The personalization of email messages is not new, but this actor seems to have incorporated and automated a high level of personalization, previously not seen at this scale, in their spam campaigns.”

Unfortunately, Proofpoint believes that this personalization technique isn’t limited to TA530, but will ultimately be used by hackers as they learn to pull corporate information from public websites such as LinkedIn. The answer to this problem, according to Proofpoint, is end-user education and a secure email gateway.

Topics
Kevin Parrish
Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Power up your tech game this summer with Dell’s top deals: Upgrade for a bargain
Dell Techfest and best tech on sale featured.

One of the best times to upgrade your tech stack, be it your desktop, a new laptop, or some high-resolution monitors, is when great deals are to be had. Well, I'm here to share that thanks to Dell's top deals, you can power up your tech game and have most of the summer to make it happen. Maybe you're happy with your current system or setup. That's excellent, but you're likely considering upgrading somewhere, and that's precisely what these deals are all about. Dell has a smorgasbord of deals on laptops, desktops, gaming desktops, monitors, accessories, and so much more. We'll call out a few of our favorite deals below, but for now, know that you should be shopping this sale if you're interested in anything tech-related.

 
What summer tech should you buy in Dell's top deals?

Read more
I love the MacBook Pro, but this Windows laptop came surprisingly close
Apple MacBook Pro 16 downward view showing keyboard and speaker.

There are some great machines in the 15-inch laptop category, which has recently been stretched to include the more common 16-inch laptop. The best among them is the Apple MacBook Pro 16, which offers fast performance for tasks like video editing and the longest battery life.

The Lenovo Yoga Pro 9i 16 is aimed not only at other 16-inch Windows laptops but also at the MacBook Pro 16. It offers many of the same benefits but at a lower price. Can it take a place at the top?
Specs and configurations

Read more
How to set an ‘Out of Office’ message in Microsoft Teams
Person using Windows 11 laptop on their lap by the window.

Many people use Microsoft Teams regularly to communicate with colleagues both inside of the office and remotely. It is considered one of the most efficient ways to ensure you can stay in contact with the people on your team, but what if you need to let people know you’re not readily available? Microsoft Teams has a method for you to set up an "Out of Office" status for your profile to let staff members know when you’ll be gone for the afternoon, for several days on vacation, or for an extended period.
Where do I go to set up my ‘Out of Office’ status for Teams?
It is important to note that your Microsoft Teams and Outlook calendars are synced. This includes your out-of-office status and automatic replies. So, whatever you set up in Microsoft Teams will reflect in Outlook. Similarly, you can set up your out-of-office status in Outlook, and it will be reflected in Teams; however, the former has a more straightforward instruction.

First, you can click on your profile icon in Teams and go directly to Schedule an out of office, as a shortcut. This will take you to the settings area where you can proceed. You can also click the three-dot icon next to your profile icon, then go to Settings > General, then scroll down to the bottom of the page. There, you'll find out-of-office settings and click Schedule.

Read more