Overview of phishing techniques: Compromised account

Introduction

One phishing technique that has gotten a significant amount of mileage in recent years is known as the compromised account technique. This technique relies on the behavior of a user who’s been frightened by receiving an email informing them that their account has been breached. 

This article will detail the compromised account phishing technique. We’ll explore what a compromised account is, how it works and how you can spot this technique and avoid falling victim to it yourself. 

What is a compromised account?

In the compromised account phishing technique, phishers attempt to trick a user into sending them sensitive information, including login credentials for the account they claim is compromised.

This phishing technique may become a springboard for malicious actions that set the stage for other devastating attacks. That makes the compromised account technique especially dangerous: it may be the harbinger of keylogger installation, the compromise of other accounts, a ransomware attack or worse.

Don’t confuse the compromised account technique with a literal compromised account, which is the crown jewel for phishers. This technique is not a rare phenomenon by any means — over 1.5 million malicious emails using this technique were sent from Outlook 365 accounts during the month of March 2019 alone. 

In terms of the nuts and bolts of this technique, it is really an attempted scam where a third-party company sends an email to a user falsely informing them that their account (which may be a work email, service provider or other account altogether) has been compromised. The user is prompted to log into a fake login window to reset their password or to download malicious software that will forward their personal information to the phishers. If the user acts on these instructions, voila! That is all it takes

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Greg Belding. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/z1HfnZi4aXY/