Skip to main content

Hackers attacking corporate executive targets with personalized phishing emails

researchers use ambient light sensor data to steal browser exhausted man computer problems desk hacking hackers malware frust
Shutterstock
Security firm Proofpoint reports that a “financially motivated threat actor” it calls TA530 is currently targeting company executives and additional high-level employees in an unusually personalized spear phishing campaign. It’s targeting individuals with high-ranking roles such as chief financial officer and senior vice president using emails containing their specific names, job titles, phone numbers, and more within the email body.

A spear phishing campaign doesn’t send out emails to a general audience hoping to reel in a few victims, but typically focuses on a specific organization in order to hook individuals into giving up confidential information such as military data or trade secrets. The emails appear to derive from a trusted source, and contain a link to a fake malware-infested Web page or a file that downloads malicious software.

Recommended Videos

Proofpoint says the information used by TA530 can be gathered from public sites like the company’s own website, LinkedIn, and so on. It’s targeting up to tens of thousands of individuals located in organizations based in the United States, the United Kingdom, and Australia. The attacks are even larger than other spear phishing campaigns, but have yet to approach the magnitude of Dridex and Locky.

Please enable Javascript to view this content

TA530 is mostly targeting financial services, followed by organizations in retail, manufacturing, health care, education, and business services. Technology-focused organizations are also affected along with insurance companies, utility services, and companies involved in entertainment and media. Transportation is the lowest on the list of targets.

TA530 carries a number of playloads in its arsenal, including a banking Trojan, a Point of Sale reconnaissance Trojan, a downloader, file-encrypting ransomware, a banking Trojan botnet, and more. For instance, the Point of Sale reconnaissance Trojan is mostly used in a campaign against retail and hospitality companies, and financial services. The banking Trojan is configured to attack banks located throughout Australia.

In a sample email provided in the report, Proofpoint shows that TA530 is attempting to infect the manager of a retail company. This email includes the target’s name, the company name, and the phone number. The message requests that the manager fill out a report regarding an incident that took place at one of the actual retail locations. The manager is to open the document, and if macros are enabled, it will infect his computer by downloading the Point of Sale Trojan.

In the few cases presented by Proofpoint, the targeted individuals receive an infected document although the security firm states that these emails can also contain malicious links and attached JavaScript downloaders. The company has also seen a few emails in the TA530-based campaigns that were not personalized, but still carried the same consequences.

“Based on what we have seen in these examples from TA530, we expect this actor to continue to use personalization and to diversify payloads and delivery methods,” the firm states. “The diversity and nature of the payloads suggest that TA530 is delivering payloads on behalf of other actors. The personalization of email messages is not new, but this actor seems to have incorporated and automated a high level of personalization, previously not seen at this scale, in their spam campaigns.”

Unfortunately, Proofpoint believes that this personalization technique isn’t limited to TA530, but will ultimately be used by hackers as they learn to pull corporate information from public websites such as LinkedIn. The answer to this problem, according to Proofpoint, is end-user education and a secure email gateway.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
ChatGPT just dipped its toes into the world of AI agents
OpenAI's ChatGPT blog post is open on a computer monitor, taken from a high angle.

OpenAI appears to be just throwing spaghetti at this point, hoping it sticks to a profitable idea. The company announced on Tuesday that it is rolling out a new feature called ChatGPT Tasks to subscribers of its paid tier that will allow users to set individual and recurring reminders through the ChatGPT interface.

Tasks does exactly what it sounds like it does: It allows you to ask ChatGPT to do a specific action at some point in the future. That could be assembling a weekly news brief every Friday afternoon, telling you what the weather will be like in New York City tomorrow morning at 9 a.m., or reminding you to renew your passport before January 20. ChatGPT will also send a push notification with relevant details. To use it, you'll need to select "4o with scheduled tasks" from the model picker menu, then tell the AI what you want it to do and when.

Read more
Will a VPN work on the TikTok ban? Here’s everything you need to know
TikTok logo on an iPhone.

TikTok is one of the most popular apps on the planet, and unless you live under a rock, you've probably heard by now that it's likely going to get banned in the United States. For the roughly 170 million monthly TikTok users in the US, the potential ban is disappointing news, to say the least. We're happy to report that there's still hope, though. If you already have the app on your phone, you can actually bypass the ban somewhat quite easily. In fact, the main way to do it is through the use of a VPN, and given how common VPNs are these days, you may already have a paid VPN subscription that you could potentially utilize. It's also worth noting that while free VPN options exist, they may not work as well as paid VPNs, especially when it comes to country choices and speeds.

But let's backtrack a bit - you’ve probably heard of virtual private networks before, what exactly do they do? In short, a VPN helps you protect your privacy by disguising your location, allowing you to change your apparent location and view websites in other countries as if you were a resident.

Read more
Your personal info is being stolen with every click you make – but don’t worry, Incogni can help with that
Incogni remove personal information from identity thieves

You may already be using one of the best VPNs for online privacy, but you can still go one step further and take the fight to the companies holding your information hostage. With every signup and click around the web, there's a chance that malicious parties are picking up on your personal data, shopping patterns, and interests. And that's even if you're using one of the best antivirus packages out there. Luckily, Incogni is ready to take on the fight against these data brokers for you. And, even better, you can now get a year's worth of their service for 55% off the regular price. Just tap the button below and enter the code DIGITALDEAL upon checkout to lower an annual plan from around $180 to closer to $81. Alternatively, keep reading to learn more about the service and how it can help you combat these threats.

Why you should try Incogni
Between IP addresses, cookies, accounts, and other data, a complex narrative about you and your patterns can be made for advertisers. Even Incognito Mode isn't perfect at keeping your information totally safe. An April 2023 lawsuit showed just how sloppy big companies can be with your data — at that time, Facebook didn't have rules regarding the ways third parties could interact with user data. If you're clickin', your data is probably stickin'.

Read more