Phishing

Overview of phishing techniques: Compromised account

Greg Belding
April 29, 2020 by
Greg Belding

Introduction

One phishing technique that has gotten a significant amount of mileage in recent years is known as the compromised account technique. This technique relies on the behavior of a user who’s been frightened by receiving an email informing them that their account has been breached. 

This article will detail the compromised account phishing technique. We’ll explore what a compromised account is, how it works and how you can spot this technique and avoid falling victim to it yourself. 

Two year's worth of NIST-aligned training

Two year's worth of NIST-aligned training

Deliver a comprehensive security awareness program using this series' 1- or 2-year program plans.

What is a compromised account?

The compromised account phishing technique is when phishers attempt to trick a user into sending them sensitive information, including login credentials to the account they claim is compromised. 

This phishing technique may become a springboard for malicious actions that can set the stage for other devastating attacks. This makes the compromised account technique especially dangerous because it may be the harbinger for installing keyloggers, compromising other accounts, a ransomware attack or worse.

Don’t confuse the compromised account technique with a literal compromised account, which is the crown jewel for phishers. This technique is not a rare phenomenon by any means — over 1.5 million malicious emails using this technique were sent from Outlook 365 accounts during the month of March 2019 alone. 

In terms of the nuts and bolts of this technique, it is really an attempted scam where a third-party company sends an email to a user falsely informing them that their account (which may be a work email, service provider or other account altogether) has been compromised. The user is prompted to log into a fake login window to reset their password or to download malicious software that will forward their personal information to the phishers. If the user acts on these instructions, voila! That is all it takes for the phishers to effectively compromise an account. 

This scam is simple, hard for the untrained eye to discern and incredibly effective. While not every user falls for this trick, enough do for it to persist to the present day. 

The sad thing about the whole situation is that no legitimate employer or third-party company would ask you to send them your password or other personal information in response to a compromised account. Many users don’t know this, and some are still finding this out the hard way.

How does the compromised account technique work?

This phishing technique works by exploiting the email user’s trust. First, the user receives an email from what appears to be a trusted source. The email is carefully crafted to make the user think it is legitimate (though you may be able to identify one by a misspelled domain name or URL). It often has an official-looking logo of the third-party company or account provider, and can even be sent from another compromised account — more on this later. 

Once the user opens this email, they are presented with a request for the user to validate, verify, change their password or upgrade their account. Those that have not received thorough cybersecurity training may fall for this. Sometimes, the email will ask you to download a form that will transmit your personal information to the phishers.

While this phishing technique can have devastating results for the user, just a little cybersecurity training will protect you from this trick. No matter the account provider (or how important said account is), remember that no legitimate account provider will ask you to send them your password or personal information. Just seeing this request should immediately raise red flags and provoke you to delete the message. 

What can phishers do with a compromised account?

As mentioned above, the intended goal of this phishing technique is to entice a user into sending their login credentials, personal information and other sensitive information to the phisher so they can actually compromise your account. Once an account is compromised, phishers can do a number of malicious things to you and your organization. Falling for this technique will give attackers all they need to breach your account.

Different examples of this technique

If anything can be said about the compromised account phishing technique, there is no lack of diversity or creativity. This list is by no means exclusive, but the initial phishing email can claim to be from:

  • Google requesting that you change your Gmail password because it was compromised
  • From Microsoft, regarding your Office 365 account
  • From your bank, informing you that your account has been breached
  • From your credit card provider
  • From Netflix
  • Potentially any popularly used account provider

What to do if you think you received a compromised account phishing email

If you think you have received this type of phishing email, you should:

  • Never respond to it
  • Never click on any links it contains
  • Never download any file attachments
  • Report it to your organization’s IT department where applicable. 42% of users with compromised accounts at organizations do not report the incident
  • Scan your system for malware
  • Double down on your organization’s cybersecurity training — you may have not been paying attention when phishing was covered
  • Check for misspelled URLs
  • Check for misspelled domains
  • Contact the account provider if you are still in doubt

Conclusion

A commonly encountered phishing technique is the compromised account technique. It relies on scaring the user when they are informed that their account (whatever kind it is) has been breached and provides a malicious link or attached file to get its phish hook lodged into the user’s proverbial mouth. 

The good thing is this technique is easy to shut down in its tracks. All it takes is for the user to realize that a legitimate account provider or organization would ask a user to update, validate or change their password with an email. 

 

Sources

  1. Phishing Emails Have Become Very Stealthy: Here are 5 Ways to Spot Them Every Time, Inc.com 
  2. Top Examples of Phishing Emails, Terranova Security.
  3. Compromised Office 365 Accounts Used to Send 1.5 Million Email Threats in March, Trend Micro Security
  4. Lateral Phishing Attackers Rapidly Increasing via Email Compromise, Heath IT Security
  5. Top 10 Types Of Phishing Emails, Security Metrics
Greg Belding
Greg Belding

Greg is a Veteran IT Professional working in the Healthcare field. He enjoys Information Security, creating Information Defensive Strategy, and writing – both as a Cybersecurity Blogger as well as for fun.