3 min read

Financial Sector Business Leaders Targeted by Cyberattacks from India

Silviu Stahie

May 29, 2020

Financial Sector Business Leaders Targeted by Cyberattacks from India

Companies in financial services, consulting and healthcare, along with business leaders, have been targeted by hackers from India using accounts spoofing the World Health Organization (WHO). 

Not all spam and phishing campaigns are used in the same way. Regular users usually encounter mass distributed attacks with no particular target. Bad actors use massive volumes of emails to catch anybody they can. 

Targeted phishing, meanwhile, is usually aimed directly at company employees. Most of the time, these messages are crafted in such a way to trick people into using their credentials to log in to spoofed websites that imitate official resources. Now, with the COVID-19 pandemic in full swing, the messages claim to come from the WHO. It’s just another method to give credence to the phishing campaigns. 

There is a third type of phishing campaign, known as a whaling attack, that consists of highly specialized messages targeting business leaders and executives. 

Google's Threat Analysis Group (TAG) has tracked a number of these campaigns in 2020, including one that has been using Gmail accounts spoofing WHO. 

"The accounts have largely targeted business leaders in financial services, consulting, and healthcare corporations within numerous countries including the U.S., Slovenia, Canada, India, Bahrain, Cyprus, and the U.K.," states Google's report. 

"The lures themselves encourage individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements, and link to attacker-hosted websites that bear a strong resemblance to the official WHO website." 

Hackers' goals were clear, as they attempted to steal Google account credentials, along with other personal information, including phone numbers. Such details, especially coming from executives in companies, can be used in BEC attacks (business email compromise), a method widely used by criminals to defraud businesses. 

The WHO spoofing spam and phishing is not going to stop anytime soon and, just like the virus itself, we may need to live with it for the foreseeable future.



Silviu Stahie

Silviu is a seasoned writer who followed the technology world for almost two decades, covering topics ranging from software to hardware and everything in between. He's passionate about security and the way it shapes the world, in all aspects of life. He's also a space geek, enjoying all the exciting new things the Universe has to offer.

View all posts

You might also like