Account Takeover Attacks Target Low-Level Employees, Lead to More Efficient Phishing Campaigns

Written by Gabriela Vatu
Published on September 20, 2018

Hackers have become quite proficient at taking over employee email accounts and using them for phishing campaigns, giving their efforts an aura of authenticity.

You may think that your email accounts are safe and that nobody can get at them, but you'd be wrong. According to a new study from Barracuda Networks, account takeover incidents are becoming more frequent, and attackers commonly use the newly gained access to spread their phishing campaigns. Recipients of an email from a trusted, internal source are, of course, far more likely to click on the links it contains.

Phishing is not the only objective of an account takeover attack, of course: many hackers also sell the employee credentials on the black market or use them to launch personalized attacks against colleagues and partners. Sometimes they even succeed in stealing the credentials of company CEOs or CFOs, which are then used for Business Email Compromise attacks.

"The attackers typically gain access to employee email accounts. This allows them to see all of the employee's mailbox and send emails as the employee. Some attackers send emails as the employee and immediately delete the mail from the Sent Items folder to hide their activity. Others divert all the incoming traffic externally via a forwarding rule, so they can observe all mail traffic going forward," Barracuda Networks VP for Email Security Asaf Cidon told TechNadu.

The study followed a random selection of 50 organizations that work with Barracuda Networks over a three-month period. In that timespan, 19 of the 50 organizations experienced account takeover attacks, with a total of 60 incidents, or roughly three incidents per affected organization. The report further notes that 78% of those 60 incidents resulted in a phishing email sent from the compromised account in an attempt to compromise additional internal and external accounts.

Low-level employees are the ones most often compromised, although 22% of the compromised employees worked in sensitive departments such as HR, IT, finance, and legal. Only 6% of the compromised employees were executives.

Companies can take several steps to prevent such attacks, or at least to catch them early. "First, they should deploy a learning system that can automatically detect account takeover incidents and automatically remediate the incidents," Cidon says. He adds that security awareness training also needs to take place, focusing in particular on teaching employees to recognize suspicious activity in their own mailboxes, such as rules or sent items they did not create. "Third, making it harder for attackers to access accounts using multi-factored authentication, as well as using a password manager that enforces strong and unique passwords across accounts is also very important," is Cidon's final advice.
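The two post-compromise behaviours Cidon describes above (an inbox rule that forwards mail to an external address, and a message sent and then deleted from Sent Items almost immediately) are both visible in mailbox audit logs, which is what an automated detection system like the one he recommends would look for. The following Python is an added example written for this page, not Barracuda's product or code; the event records are a constructed, simplified audit-log format (an assumption, not any vendor's real schema), the organisation's domain `example.com` and the two-minute delete window are assumptions, and the sample events are made up.

```python
"""Flag two account-takeover indicators in mailbox audit events:
(1) a new inbox rule forwarding to an external domain, and
(2) a message deleted from Sent Items within minutes of being sent.

Added example for this page; the event format below is a constructed
simplification (assumption), not a real vendor audit-log schema.
"""
from datetime import datetime, timedelta

INTERNAL_DOMAINS = {"example.com"}     # assumption: the organisation's own mail domains
DELETE_WINDOW = timedelta(minutes=2)   # assumption: send-then-delete faster than this is suspicious

# Constructed sample audit events (not real data).
SAMPLE_EVENTS = [
    {"ts": "2018-09-10T08:01:00", "user": "alice@example.com", "op": "Send",
     "msg_id": "m1", "to": "bob@example.com"},
    {"ts": "2018-09-10T08:03:30", "user": "alice@example.com", "op": "Send",
     "msg_id": "m2", "to": "finance@example.com"},
    # Sent item removed 11 seconds after sending: hides the phishing mail from the owner.
    {"ts": "2018-09-10T08:03:41", "user": "alice@example.com", "op": "SoftDelete",
     "msg_id": "m2", "folder": "Sent Items"},
    # Forwarding rule to an address outside the organisation.
    {"ts": "2018-09-10T08:05:00", "user": "alice@example.com", "op": "New-InboxRule",
     "rule": "Keep", "forward_to": "attacker@mail-collector.net"},
    # Benign: internal forwarding rule and a normal delete of an old sent item.
    {"ts": "2018-09-10T09:00:00", "user": "carol@example.com", "op": "New-InboxRule",
     "rule": "Move HR", "forward_to": "hr-archive@example.com"},
    {"ts": "2018-09-10T09:10:00", "user": "carol@example.com", "op": "Send",
     "msg_id": "m3", "to": "dave@example.com"},
    {"ts": "2018-09-10T10:00:00", "user": "carol@example.com", "op": "SoftDelete",
     "msg_id": "m3", "folder": "Sent Items"},
]


def _domain(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].lower()


def find_external_forwarding(events, internal_domains=INTERNAL_DOMAINS):
    """Return (user, rule_name, forward_to) for inbox rules that forward outside the org."""
    hits = []
    for ev in events:
        if ev.get("op") in ("New-InboxRule", "Set-InboxRule") and ev.get("forward_to"):
            if _domain(ev["forward_to"]) not in internal_domains:
                hits.append((ev["user"], ev["rule"], ev["forward_to"]))
    return hits


def find_send_then_delete(events, window=DELETE_WINDOW):
    """Return (user, msg_id, seconds_between) for mail deleted from Sent Items within window."""
    sent_at = {}   # (user, msg_id) -> time the message was sent
    hits = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        t = datetime.fromisoformat(ev["ts"])
        key = (ev["user"], ev.get("msg_id"))
        if ev["op"] == "Send":
            sent_at[key] = t
        elif ev["op"] in ("SoftDelete", "HardDelete") and ev.get("folder") == "Sent Items":
            if key in sent_at and t - sent_at[key] <= window:
                delta = int((t - sent_at[key]).total_seconds())
                hits.append((ev["user"], ev["msg_id"], delta))
    return hits


def suspected_takeovers(events):
    """Sorted list of users showing at least one of the two indicators."""
    users = {u for u, _, _ in find_external_forwarding(events)}
    users |= {u for u, _, _ in find_send_then_delete(events)}
    return sorted(users)


if __name__ == "__main__":
    print("external forwarding:", find_external_forwarding(SAMPLE_EVENTS))
    print("send-then-delete:   ", find_send_then_delete(SAMPLE_EVENTS))
    print("suspected takeovers:", suspected_takeovers(SAMPLE_EVENTS))
```

Both checks are deliberately narrow. The forwarding check treats any rule whose target domain is not on the internal list as suspect; the send-then-delete check keys on the message identifier so that deleting an old sent item, as carol does above, is not flagged. In a real deployment the events would come from the mail platform's own audit log rather than an inline list, and either hit should trigger the remediation steps the article describes: disable the rule, reset the password, and enforce multi-factor authentication on the account.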
