{"id":7781,"date":"2023-03-13T12:14:56","date_gmt":"2023-03-13T16:14:56","guid":{"rendered":"https:\/\/joindeleteme.com\/blog\/?p=7781"},"modified":"2024-10-10T17:54:46","modified_gmt":"2024-10-10T21:54:46","slug":"corporate-account-takeover-data-brokers","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/corporate-account-takeover-data-brokers\/","title":{"rendered":"3 Ways Data Brokers Enable Corporate Account Takeover"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block uk-card-default uk-padding\" style=\"font-size:16px\" id=\"rank-math-toc\"><h4>Table of Contents<\/h4><nav><ul><li><a href=\"#3-ways-data-brokers-enable-corporate-account-takeover\">3 Ways Data Brokers Enable Corporate Account Takeover\u00a0<\/a><\/li><li><a href=\"#data-broker-removal-vs-corporate-account-takeover-attacks\">Data Broker Removal vs. Corporate Account Takeover Attacks<\/a><\/li><li><a href=\"#who-is-at-risk-of-corporate-account-takeover\">Who Is At Risk of Corporate Account Takeover?\u00a0<\/a><\/li><li><a href=\"#other-steps-organizations-can-take-to-protect-against-corporate-account-takeover\">Other Steps Organizations Can Take to Protect Against Corporate Account Takeover<\/a><\/li><li><a href=\"#how-delete-me-minimizes-the-risk-of-corporate-account-takeover\">How DeleteMe Minimizes the Risk of Corporate Account Takeover<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Corporate account takeover (CATO) is a type of fraud where cybercriminals gain unauthorized access to business accounts such as corporate bank accounts and email accounts.&nbsp;<\/p>\n\n\n\n<p>It is becoming worryingly common. For example, <a href=\"https:\/\/www.barracuda.com\/reports\/spear-phishing-report-7\" target=\"_blank\" rel=\"noreferrer noopener\">one in five<\/a> companies had their Microsoft 365 account compromised in 2021.&nbsp;&nbsp;<\/p>\n\n\n\n<p>C-level executives are the most popular target of corporate account takeover, with CEOs and CFOs twice as likely to experience account takeover compared to the general workforce.&nbsp;<\/p>\n\n\n\n<p>Corporate account takeover happens when threat actors are able to acquire employees&#8217; usernames and passwords.&nbsp;&nbsp;<\/p>\n\n\n\n<p>There are many ways this can happen. Breached data sets for sale on the dark web, malware, password spraying, credential stuffing, and phishing campaigns are some of them.<\/p>\n\n\n\n<p>Common advice to protect against account takeover attacks includes using strong passwords, putting in place multi-factor authentication, and screening for compromised credentials.&nbsp;<\/p>\n\n\n\n<p>Another important corporate account takeover risk reduction tactic is data broker removals.&nbsp;<\/p>\n\n\n\n<p>Data brokers are companies that sell people\u2019s personal information online. Thanks to data brokers, executive data points like names, email addresses, dates of birth, pet names, family details, etc., are available with a simple Google search.&nbsp;<\/p>\n\n\n\n<p>This personal data on data broker sites makes it easier for cybercriminals to gain control over corporate accounts. Here\u2019s how.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"3-ways-data-brokers-enable-corporate-account-takeover\">3 Ways Data Brokers Enable Corporate Account Takeover&nbsp;<\/h2>\n\n\n\n<p>Here are three ways data broker profiles increase executives\u2019 risk of account takeover attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"data-brokers-expose-executives-email-addresses-making-the-first-step-of-password-spraying-easier\">Data brokers expose executives\u2019 email addresses, making the first step of password spraying easier&nbsp;<\/h3>\n\n\n\n<p>Password spraying is a common account takeover technique involving threat actors \u201cspraying\u201d common passwords across an entire company.&nbsp;<\/p>\n\n\n\n<p>Password spraying attacks start with attackers obtaining username accounts (i.e., email addresses) for a target company. These are typically not hard to find.&nbsp;<\/p>\n\n\n\n<p>Cybercriminals can purchase executive email lists on the dark web, find them on corporate websites, or even guess them (most companies use the same format for emails, for example, firstname.lastname@company.com).&nbsp;<\/p>\n\n\n\n<p>Threat actors can also get usernames through data broker sites.&nbsp;<\/p>\n\n\n\n<p>Here\u2019s what one data broker site offers its customers:&nbsp;<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"792\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-144629-1024x792.png\" alt=\"how data brokers facilitate corporate account takeover\" class=\"wp-image-7782\" style=\"width:512px;height:396px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-144629-1024x792.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-144629-300x232.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-144629-768x594.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-144629-1536x1188.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-144629.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>Note how the data broker provides both the most likely email formats used at this company and actual employee email addresses.&nbsp;<\/p>\n\n\n\n<p><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/business\/blog\/executive-privacy-and-executive-security-guide\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Ultimate Guide to Executive Privacy and Executive Security\u00a0<\/a><\/em><\/strong><\/p>\n\n\n\n<p>Once cybercriminals have a company\u2019s employees\u2019 usernames, they can try commonly used passwords to gain access to their accounts. Studies show that high-ranking business executives continue to use <a href=\"https:\/\/nordpass.com\/business-executive-passwords\/\" target=\"_blank\" rel=\"noreferrer noopener\">passwords like \u201c123456\u201d and \u201cqwerty.\u201d<\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"data-brokers-reveal-executive-personal-information-making-it-more-likely-theyll-fall-for-a-phishing-scam\">Data brokers reveal executive personal information, making it more likely they\u2019ll fall for a phishing scam<\/h3>\n\n\n\n<p>Social engineering or phishing campaigns are another way for attackers to get corporate passwords.<\/p>\n\n\n\n<p>Cybercriminals use phishing emails, social media messages, texts, or phone calls to trick executives into handing over their account information or downloading spyware.<\/p>\n\n\n\n<p>Threat actors can find executives\u2019 contact details via public records, corporate sites, social media accounts, and data brokers.&nbsp;<\/p>\n\n\n\n<p>The advantage of data brokers is that they provide multiple contact options for every individual, i.e., email addresses, phone numbers, and social media handles:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"539\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-162333-1024x539.png\" alt=\"\" class=\"wp-image-7783\" style=\"width:512px;height:270px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-162333-1024x539.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-162333-300x158.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-162333-768x404.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-162333-1536x808.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-162333.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>If cyber thieves can personalize their messages to their target, then it\u2019s even more likely that executives will share their login details. This is known as spear phishing. Last year, <a href=\"https:\/\/www.securitymagazine.com\/articles\/98536-over-255m-phishing-attacks-in-2022-so-far\" target=\"_blank\" rel=\"noopener\">more than three-quarters<\/a> of phishing threats detected by SlashNext were spear phishing credential harvesting attacks.&nbsp;<\/p>\n\n\n\n<p>When phishing executives for credentials, bad actors often pretend to be popular companies (Amazon, Microsoft, etc.), social networking sites, financial institutions, Better Business Bureau, or the Federal Trade Commission.<\/p>\n\n\n\n<p>For instance, recently, cybercriminals sent executives in multiple industries phishing emails that looked like they were <a href=\"https:\/\/www.digitaljournal.com\/tech-science\/docusign-case-shows-the-importance-of-solid-cybersecurity\/article\" target=\"_blank\" rel=\"noreferrer noopener\">from DocuSign<\/a> with the aim of stealing their login details.&nbsp;<\/p>\n\n\n\n<p><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/business\/blog\/data-broker-opt-outs-ceo-fraud-prevention\/\" target=\"_blank\" rel=\"noreferrer noopener\">Data Broker Opt-Outs for CEO Fraud Prevention<\/a><\/em><\/strong><\/p>\n\n\n\n<p>Because data brokers compile data from multiple sources, they cut down significantly on the amount of time cybercriminals have to spend on reconnaissance.&nbsp;<\/p>\n\n\n\n<p>Using the same data broker example as above, notice the filtering options available. Data broker customers can filter employees by their major, school they attended, job title, years of experience, and more.<\/p>\n\n\n\n<p>Now imagine that a threat actor filters employees by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Company&nbsp;<\/li>\n\n\n\n<li>School they attended.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>If an executive that attended Harvard gets an email that seems like it comes from the institution or fellow alumni, they are immediately more likely to click on a phishing link within the email.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"542\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-152211-1024x542.png\" alt=\"\" class=\"wp-image-7784\" style=\"width:512px;height:271px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-152211-1024x542.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-152211-300x159.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-152211-768x407.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-152211-1536x813.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-152211.png 2048w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<h3 class=\"wp-block-heading\" id=\"data-brokers-disclose-information-individuals-use-for-passwords-making-credential-stuffing-attacks-more-likely-to-succeed\">Data brokers disclose information individuals use for passwords, making credential-stuffing attacks more likely to succeed<\/h3>\n\n\n\n<p>Credential stuffing is generally defined as an attack where threat actors use breached details to log into other accounts.&nbsp;<\/p>\n\n\n\n<p>However, for high-value targets, threat actors also use personal information. The reason why is that many people use sensitive information for their login credentials.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.security.org\/resources\/online-password-strategies\/\" target=\"_blank\" rel=\"noreferrer noopener\">Popular password components<\/a> include birth year (21%), pet\u2019s name (18%), child\u2019s name (14%), parent\u2019s name (12%), partner\u2019s name (12%), street name (9%), and graduation year (7%).<\/p>\n\n\n\n<p>All this information is easy to find online. Most of it is also available on data broker sources.&nbsp;<\/p>\n\n\n\n<p><strong>Learn more: <em><a href=\"https:\/\/joindeleteme.com\/business\/blog\/breaches-weak-passwords-data-brokers\/\" target=\"_blank\" rel=\"noreferrer noopener\">The Link Between Weak Passwords, Data Breaches, and Data Brokers<\/a><\/em><\/strong><\/p>\n\n\n\n<p>For instance, here\u2019s a data broker that discloses an individual\u2019s address history and family details:<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"633\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-151129-1024x633.png\" alt=\"\" class=\"wp-image-7785\" style=\"width:512px;height:317px\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-151129-1024x633.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-151129-300x185.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-151129-768x474.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/03\/Screenshot-2023-03-02-151129.png 1447w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n<p>If this person used their street name or parent\u2019s\/partner\u2019s\/child\u2019s name for their password, bad actors would be able to break into their accounts.&nbsp;<\/p>\n\n\n\n<p>Cybercriminals don\u2019t even have to \u201cstuff\u201d this data manually. Instead, they can automate the process with advanced tools that let them enter personal data about their target (for example, names of family members or pets) and generate potential passwords from that data.&nbsp;<\/p>\n\n\n\n<p>Because hackers increasingly use sophisticated bots to obfuscate their activities, it&#8217;s very difficult for cybersecurity teams to detect these kinds of attacks.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"data-broker-removal-vs-corporate-account-takeover-attacks\">Data Broker Removal vs. Corporate Account Takeover Attacks<\/h2>\n\n\n\n<p>Easy access to executive personal information online makes it easier for threat actors to carry out account takeover attacks.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Removing executive profiles from data brokers makes it harder for threat actors to gather executive personal information. This, in turn, will make it more likely that attackers will move to a different target.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"who-is-at-risk-of-corporate-account-takeover\">Who Is At Risk of Corporate Account Takeover?&nbsp;<\/h2>\n\n\n\n<p>High-level executives are at a particularly high risk of account takeover.&nbsp;<\/p>\n\n\n\n<p>However, executive assistants are also targeted. This is mainly because they have access to executive calendars and accounts and because they sometimes also control the executive\u2019s inbox.&nbsp;<\/p>\n\n\n\n<p>HR and accounting\/financial teams are also targeted disproportionately compared to the average employee.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"other-steps-organizations-can-take-to-protect-against-corporate-account-takeover\">Other Steps Organizations Can Take to Protect Against Corporate Account Takeover<\/h2>\n\n\n\n<p>In addition to opting out of data broker sources, organizations should also take the following precautions to protect against account takeover:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Install and maintain security safeguards like antivirus on all workstations and devices.<\/li>\n\n\n\n<li>Teach employees to keep an eye out for suspicious account activity, like changed settings or unauthorized transactions (ACH transactions, wire transfers, etc.) on online banking accounts.<\/li>\n\n\n\n<li>Provide training on how to recognize suspicious emails, texts, social media messages, and malware-infected websites.<\/li>\n\n\n\n<li>Implement strong multi-factor authentication, like hardware MFA keys. Cybercriminals can circumvent call and SMS-based MFA solutions with phishing emails and texts or via SIM swap scams (where scammers impersonate their target to their phone company to get them to port over their target\u2019s phone number to their own).&nbsp;<\/li>\n\n\n\n<li>Put in place strong password policies and give executives and employees access to password managers.<\/li>\n\n\n\n<li>Stop relying on security questions for account security. Answers to security questions like \u201cwhat was the name of your first pet?\u201d or \u201cwhat is your mother\u2019s maiden name?\u201d are available via public records and data broker sources.<\/li>\n\n\n\n<li>Educate employees about the risks of oversharing on the internet and teach them how to reduce their digital footprint.<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"how-delete-me-minimizes-the-risk-of-corporate-account-takeover\">How DeleteMe Minimizes the Risk of Corporate Account Takeover<\/h2>\n\n\n\n<p>DeleteMe removes executive and employee personal information from some of the most popular data broker sites. Often, information from these sites appears on the first page of Google when someone searches for a person\u2019s email, phone number, or other personal information.<\/p>\n\n\n\n<p>Because many corporate account takeover techniques rely on hackers being able to find and exploit executive details, making this data as difficult to find as possible is a critical step in corporate account takeover prevention.&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Corporate account takeover (CATO) is a type of fraud where cybercriminals gain unauthorized access to business accounts such as corporate bank accounts and email accounts.&nbsp; It is becoming worryingly common. For example, one in five companies had their Microsoft 365 account compromised in 2021.&nbsp;&nbsp; C-level executives are the most popular target of corporate account takeover, [&hellip;]<\/p>\n","protected":false},"author":16,"featured_media":7786,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-7781","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7781","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/16"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7781\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/7786"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=7781"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=7781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}