A crook is making news for offering to sell hundreds of stolen C-level email user names and passwords.
“The login information has been verified by cybersecurity teams and is for Office 365 and Microsoft accounts of CEOs, COOs, CFOs, CTOs, and other senior positions,” TechRepublic reported Wednesday.
The email user name and password combinations are for sale on a Dark Web forum used by people who communicate in Russian. Asking prices range from $100 to $1,500, and list executives from the U.S. and other countries.
IT Security experts say the email accounts likely were stolen through weak security, such as executives reusing the same password or using weak passwords and no additional authentication.
The theft allows crooks to use compromised emails to demand payments, payroll information, intellectual property information, and other business information by posing as a boss telling a subordinate to supply the information.
Worse, hackers posing as bosses could trick unsuspecting employees into spreading the intrusion further by asking them to forward dangerous attachments, Manufacturing.net noted.
If you are a C-level executive and you have declined to use or implement two-factor authentication, you are asking for trouble. You are a top target for hackers.
You may argue that your business is too small for hacker interest. But small businesses are a target based on who their customers are. Hackers target weak small companies to connect to the more-desirable entity.
Use two-factor authentication to secure your accounts, use a password manager to generate strong, secure passwords unique to all your accounts, and make you fully fund your organization’s top IT Security priorities.
This is when many organizations plan for next year. If you fail to implement and follow key data security measures, you’d better plan for trouble.
If your IT team is overwhelmed, seek outside supplemental help, such as a managed IT Services provider like ImageQuest. Contact us to schedule a consultation today!