https://emailauth.io/
3. The Beginning
Attackers look for a spoofable domain belonging to a high-level
executive, such as the CEO, CTO or CFO. In most cases, they conduct
months of research on the company to be able to make the malicious
email seem legitimate.
4. The Trap
The seemingly genuine email is sent to employees who are responsible
for making payments or have access to sensitive information that the
attacker needs.
5. The Response
Without verifying or questioning the legitimacy of the email, the
unsuspecting employees immediately act upon it.
6. The Damage
Once the attack is successful, the attackers get what they want, be it money or
data. Fraudulent transactions and unauthorized data access lead to massive loss of
money and more targeted data breaches.
7. The Result
• Massive loss of money
• Tarnished brand reputation
• Valuable customer trust is lost
• CEO is fired
• The employee who acted on the phishing email is fired
• Money and data lost are almost never recovered