Overview of phishing techniques: Compromised account
Introduction
One phishing technique that has gotten a significant amount of mileage in recent years is known as the compromised account technique. This technique relies on the behavior of a user who’s been frightened by receiving an email informing them that their account has been breached.
This article will detail the compromised account phishing technique. We’ll explore what a compromised account is, how it works and how you can spot this technique and avoid falling victim to it yourself.
Phishing simulations & training
What is a compromised account?
The compromised account phishing technique is when phishers attempt to trick a user into sending them sensitive information, including login credentials to the account they claim is compromised.
This phishing technique may become a springboard for malicious actions that can set the stage for other devastating attacks. This makes the compromised account technique especially dangerous because it may be the harbinger for installing keyloggers, compromising other accounts, a ransomware attack or worse.
Don’t confuse the compromised account technique with a literal compromised account, which is the crown jewel for phishers. This technique is not a rare phenomenon by any means — over 1.5 million malicious emails using this technique were sent from Outlook 365 accounts during the month of March 2019 alone.
In terms of the nuts and bolts of this technique, it is really an attempted scam where a third-party company sends an email to a user falsely informing them that their account (which may be a work email, service provider or other account altogether) has been compromised. The user is prompted to log into a fake login window to reset their password or to download malicious software that will forward their personal information to the phishers. If the user acts on these instructions, voila! That is all it takes for the phishers to effectively compromise an account.
This scam is simple, hard for the untrained eye to discern and incredibly effective. While not every user falls for this trick, enough do for it to persist to the present day.
The sad thing about the whole situation is that no legitimate employer or third-party company would ask you to send them your password or other personal information in response to a compromised account. Many users don’t know this, and some are still finding this out the hard way.
How does the compromised account technique work?
This phishing technique works by exploiting the email user’s trust. First, the user receives an email from what appears to be a trusted source. The email is carefully crafted to make the user think it is legitimate (though you may be able to identify one by a misspelled domain name or URL). It often has an official-looking logo of the third-party company or account provider, and can even be sent from another compromised account — more on this later.
Once the user opens this email, they are presented with a request for the user to validate, verify, change their password or upgrade their account. Those that have not received thorough cybersecurity training may fall for this. Sometimes, the email will ask you to download a form that will transmit your personal information to the phishers.
While this phishing technique can have devastating results for the user, just a little cybersecurity training will protect you from this trick. No matter the account provider (or how important said account is), remember that no legitimate account provider will ask you to send them your password or personal information. Just seeing this request should immediately raise red flags and provoke you to delete the message.
What can phishers do with a compromised account?
As mentioned above, the intended goal of this phishing technique is to entice a user into sending their login credentials, personal information and other sensitive information to the phisher so they can actually compromise your account. Once an account is compromised, phishers can do a number of malicious things to you and your organization. Falling for this technique will give attackers all they need to breach your account.
Different examples of this technique
If anything can be said about the compromised account phishing technique, there is no lack of diversity or creativity. This list is by no means exclusive, but the initial phishing email can claim to be from:
- Google requesting that you change your Gmail password because it was compromised
- From Microsoft, regarding your Office 365 account
- From your bank, informing you that your account has been breached
- From your credit card provider
- From Netflix
- Potentially any popularly used account provider
What to do if you think you received a compromised account phishing email
If you think you have received this type of phishing email, you should:
- Never respond to it
- Never click on any links it contains
- Never download any file attachments
- Report it to your organization’s IT department where applicable. 42% of users with compromised accounts at organizations do not report the incident
- Scan your system for malware
- Double down on your organization’s cybersecurity training — you may have not been paying attention when phishing was covered
- Check for misspelled URLs
- Check for misspelled domains
- Contact the account provider if you are still in doubt
Conclusion
A commonly encountered phishing technique is the compromised account technique. It relies on scaring the user when they are informed that their account (whatever kind it is) has been breached and provides a malicious link or attached file to get its phish hook lodged into the user’s proverbial mouth.
The good thing is this technique is easy to shut down in its tracks. All it takes is for the user to realize that a legitimate account provider or organization would ask a user to update, validate or change their password with an email.
See Infosec IQ in action
Sources
- Phishing Emails Have Become Very Stealthy: Here are 5 Ways to Spot Them Every Time, Inc.com
- Top Examples of Phishing Emails, Terranova Security.
- Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March, Trend Micro Security
- Lateral Phishing Attackers Rapidly Increasing via Email Compromise, Heath IT Security
- Top 10 Types Of Phishing Emails, Security Metrics
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
In this Series
- Overview of phishing techniques: Compromised account
- Keeping your inbox safe: How to prevent business email compromise
- The best 9 phishing simulators for employee security awareness training (2023)
- How to set up a phishing attack with the Social-Engineer Toolkit
- Extortion: How attackers double down on threats
- How Zoom is being exploited for phishing attacks
- 11 phishing email subject lines your employees need to recognize [Updated 2022]
- Consent phishing: How attackers abuse OAuth 2.0 permissions to dupe users
- The state of BEC in 2021 (and beyond)
- Why employees keep falling for phishing (and the science to help them)
- Phishing attacks doubled last year, according to Anti-Phishing Working Group
- The Phish Scale: How NIST is quantifying employee phishing risk
- 6 most sophisticated phishing attacks of 2020
- JavaScript obfuscator: Overview and technical overview
- Malicious Excel attachments bypass security controls using .NET library
- Phishing with Google Forms, Firebase and Docs: Detection and prevention
- Phishing domain lawsuits and the Computer Fraud and Abuse Act
- Phishing: Reputational damages
- Spearphishing meets vishing: New multi-step attack targets corporate VPNs
- Phishing attack timeline: 21 hours from target to detection
- Overview of phishing techniques: Brand impersonation
- BEC attacks: A business risk your insurance company is unlikely to cover
- Cybercrime at scale: Dissecting a dark web phishing kit
- Lockphish phishing attack: Capturing android PINs & iPhone passcodes over https
- 4 types of phishing domains you should blacklist right now
- Email attack trend predictions for 2020
- 4 tips for phishing field employees [Updated 2020]
- How to scan email headers for phishing and malicious content
- Should you phish-test your remote workforce?
- Overview of phishing techniques: Fake invoice/bills
- Phishing simulations in 5 easy steps — Free phishing training kit
- Overview of phishing techniques: Urgent/limited supplies
- Phishing techniques: Contest winner scam
- Phishing techniques: Expired password/account
- Overview of Phishing Techniques: Fake Websites
- Overview of phishing techniques: Order/delivery notifications
- Phishing technique: Message from a friend/relative
- [Updated] Top 9 coronavirus phishing scams making the rounds
- Phishing technique: Message from the boss
- Cyber Work podcast: Email attack trend predictions for 2020
- Phishing techniques: Clone phishing
- Phishing attachment hides malicious macros from security tools
- Phishing techniques: Asking for sensitive information via email
- PayPal credential phishing with an even bigger hook
- Your 2020 tax scam training guide
- Abusing email rules
- 8 phishing simulation tips to promote more secure behavior
- Top types of Business Email Compromise [BEC]
- Be aware of these 20 new phishing techniques
- Phishing in academic environments
- Phishing-as-a-Service
We’ll customize our demo to your
- Security awareness goals
- Existing security and employee training tools
- Industry and compliance requirements
