A new phishing campaign, purporting to come from the CEO and claiming that the board meeting has been rescheduled, asks recipients to take part in a poll to choose a new date for the meeting. This fake-meeting campaign targets high-level executives such as CFOs, CTOs, and SVPs across a number of industries in an effort to steal their logins and passwords.
The campaign was observed by researchers from the security firm GreatHorn. They noted that the scammers behind it spoof the name and email address of the targeted company’s CEO and send phishing emails to the company’s executives.
The subject line of the phishing emails includes the company name and a note about the board meeting. The body states that the board meeting has been rescheduled and asks executives to help choose a new date. Employees are less likely to be suspicious because they believe the email has come from their CEO.
“Importantly, on a mobile device, the native Outlook client overwrites the display name to say ‘Note to self,’ further complicating the attack and making it even more likely for a recipient to interact with it,” researchers from GreatHorn explained in a blog.
Redirecting employees to a phishing site
With the phishing emails targeting the senior executives of the company, a successful attack could provide attackers with access to highly sensitive data across the corporate network.
“The attack was found (and eliminated) in 14% of GreatHorn’s customer base. In addition to blacklisting the domain, GreatHorn correctly identifies the destination as suspicious in its Link Protection module,” GreatHorn reported.
Researchers noted that the phishing campaign is still active and therefore warn users to be aware of it and to be suspicious of any email with the subject line “New message: [Company Name] February in-person Board Mtg scheduling (2/24/19 update)”.
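A mail-triage check built on the indicators above, as an added example that is not GreatHorn's code: it generalizes the reported subject line to any company, month and date, and flags messages that claim to come from the CEO. The names, addresses and sample messages are constructed, and the use of an `Authentication-Results` header stamped by the receiving gateway is an assumption.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Generalized form of the reported subject line: any company, month and date.
SUBJECT_RE = re.compile(
    r"^New message:\s*(?P<company>.+?)\s+(?P<month>[A-Z][a-z]+) in-person "
    r"Board Mtg scheduling \(\d{1,2}/\d{1,2}/\d{2,4} update\)$"
)

def triage(raw, ceo_name, ceo_addr):
    """Return the reasons a raw message deserves review (empty list if none)."""
    msg = message_from_string(raw)
    reasons = []
    subject = " ".join(msg.get("Subject", "").split())  # undo header folding
    if SUBJECT_RE.match(subject):
        reasons.append("subject matches board-meeting lure")
    name, addr = parseaddr(msg.get("From", ""))
    claims_ceo = (name.strip().lower() == ceo_name.lower()
                  or addr.lower() == ceo_addr.lower())
    if claims_ceo:
        # Assumption: the receiving gateway records its own DMARC verdict in
        # this header and strips any copy supplied by the sender.
        auth = " ".join(msg.get_all("Authentication-Results", [])).lower()
        if "dmarc=pass" not in auth:
            reasons.append("sender claims to be the CEO without a DMARC pass")
    return reasons

# Constructed sample messages (not taken from the campaign).
LURE = (
    "From: Pat Example <pat@example.com>\n"
    "To: cfo@example.com\n"
    "Subject: New message: Example Corp February in-person Board Mtg"
    " scheduling (2/24/19 update)\n"
    "Authentication-Results: mx.example.com; dmarc=fail header.from=example.com\n"
    "\n"
    "The board meeting has been rescheduled. Please vote on a new date.\n"
)
GENUINE = (
    "From: Pat Example <pat@example.com>\n"
    "To: cfo@example.com\n"
    "Subject: Q1 board agenda\n"
    "Authentication-Results: mx.example.com; dmarc=pass header.from=example.com\n"
    "\n"
    "Agenda attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("lure", LURE), ("genuine", GENUINE)):
        print(label, triage(raw, "Pat Example", "pat@example.com"))
```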