{"id":7858,"date":"2023-04-13T10:34:56","date_gmt":"2023-04-13T14:34:56","guid":{"rendered":"https:\/\/joindeleteme.com\/blog\/?p=7858"},"modified":"2025-04-30T11:11:52","modified_gmt":"2025-04-30T15:11:52","slug":"how-cybercriminals-use-data-brokers-for-executive-phishing","status":"publish","type":"b2b-post","link":"https:\/\/joindeleteme.com\/business\/blog\/how-cybercriminals-use-data-brokers-for-executive-phishing\/","title":{"rendered":"Preventing Executive Phishing In 2025"},"content":{"rendered":"\n<div class=\"wp-block-rank-math-toc-block\" id=\"rank-math-toc\"><h2>Table of Contents<\/h2><nav><ul><li><a href=\"#executive-phishing-definitions\">Executive Phishing Definitions\u00a0\u00a0<\/a><\/li><li><a href=\"#phishing-email-training-for-executives\">Phishing Email Training for Executives<\/a><\/li><li><a href=\"#executive-phishing-personal-data\">Executive Phishing Personal Data<\/a><\/li><li><a href=\"#ai-generated-phishing-scams-increasingly-target-corporate-executives\">AI-Generated Phishing Scams Increasingly Target Corporate Executives<\/a><\/li><li><a href=\"#executive-phishing-prevention-requires-executive-data-removal-from-common-information-exposure-sources\">Executive Phishing Prevention Requires Executive Data Removal from Common Information Exposure Sources\u00a0<\/a><\/li><\/ul><\/nav><\/div>\n\n\n\n<p>Executive phishing is one of the biggest threats your organization faces in 2025 and beyond.\u00a0<\/p>\n\n\n\n<p>From studies published during the past year, we know that phishing remains <a href=\"https:\/\/www.ibm.com\/reports\/threat-intelligence\" target=\"_blank\" rel=\"noreferrer noopener\">a top threat vector.<\/a> We also know that executives (CEOs, CFOs, etc.) 
are <a href=\"https:\/\/www.ivanti.com\/company\/press-releases\/2022\/one-in-five-security-professionals-won-t-bet-a-chocolate-bar-they-could-prevent-a-damaging-breach\" target=\"_blank\" rel=\"noreferrer noopener\">four times<\/a> more likely to fall for phishing than the average employee.\u00a0<\/p>\n\n\n\n<p>A compromised executive account (which often has advanced permissions) gives a threat actor direct access to the heart of your organization&#8217;s IT environment, while a compromised executive who thinks they are talking to a colleague or superior can wipe out millions of dollars of enterprise value in minutes by accidentally (or otherwise) making a fraudulent payment or enabling a data breach.&nbsp;<\/p>\n\n\n\n<p>Fortunately, at DeleteMe, we know a lot about preventing executive phishing.&nbsp;<\/p>\n\n\n\n<p>Since 2012, DeleteMe has helped dozens of household name companies protect their executives from phishing attacks by taking their personal information away from sources of online exposure.&nbsp;<\/p>\n\n\n\n<p>Information removal is a tried and tested method of executive phishing risk reduction that still works extremely well today.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>DeleteMe removes executives\u2019 personal data from online data exposure sources. <\/strong>\u00a0<\/li>\n<\/ul>\n\n\n\n<p>This article distills our experience and recent market data into a concise guide to preventing executive phishing.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"executive-phishing-definitions\">Executive Phishing Definitions&nbsp;&nbsp;<\/h2>\n\n\n\n<p>Phishing executives is \u201cexecutive phishing.\u201d&nbsp;<\/p>\n\n\n\n<p><strong>Phishing<\/strong> = A type of cyber attack where criminals pretend to be someone else (e.g., a colleague, bank, service, etc.) to trick people into taking specific actions or sharing sensitive information (e.g., login credentials or personal details). Phishing campaigns are often broadly targeted. 
For example, a phishing email might be sent to everyone in a company.<\/p>\n\n\n\n<p><strong>Executive phishing <\/strong>= Phishing campaigns targeted at executives, including emails, texts, social media messages, phone calls, and lately, even video calls.&nbsp;<\/p>\n\n\n\n<p>The term \u201cexecutive phishing\u201d is also sometimes used to refer to phishing attacks that impersonate executives to other employees (more appropriately known as \u201cCEO email scam,\u201d \u201cCEO fraud,\u201d or \u201cwhaling.\u201d)&nbsp;<\/p>\n\n\n\n<p>Below is a table with different executive phishing definitions and examples.<\/p>\n\n\n\n<figure class=\"wp-block-table\"><table class=\"has-fixed-layout\"><tbody><tr><td><strong>Term<\/strong><\/td><td><strong>Description<\/strong><\/td><td><strong>Examples<\/strong><\/td><\/tr><tr><td>Phishing<\/td><td>Broad attacks pretending to be trusted sources that aim to steal info or trick users into actions.<\/td><td>2024 Midnight Blizzard campaign that targeted 100s of companies in the US.&nbsp;<\/td><\/tr><tr><td>Executive Phishing<\/td><td>Phishing aimed at executives via email, texts, calls, social messages, or videos.<\/td><td>2024 attack on the CEO of global advertising firm WPP that used a voice clone and a fake WhatsApp account.<\/td><\/tr><tr><td>Whaling<\/td><td>Phishing that targets high-level execs (\u201cwhales\u201d), often impersonating them to others.<\/td><td>2024 attack on a campaign official in a US presidential campaign.&nbsp;<\/td><\/tr><tr><td>Executive Spear Phishing<\/td><td>Highly targeted, personalized phishing aimed at a specific executive.<\/td><td>2015 attack on Mattel, where a fake email from the \u201cnew CEO\u201d led to a $3M wire transfer.<\/td><\/tr><tr><td>Executive Cell Phishing<\/td><td>Phishing that either targets executives or impersonates them to other employees via mobile phones (work or personal).<\/td><td>2024 attack on a Ferrari executive that impersonated the company\u2019s 
CEO.&nbsp;<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<h3 class=\"wp-block-heading\">Executive Phishing vs Whaling<\/h3>\n\n\n\n<p>Executive phishing and whaling mean more or less the same thing.&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Executive phishing<\/strong> is phishing carried out against executives.\u00a0<\/li>\n\n\n\n<li><strong>Whaling<\/strong> is phishing carried out against high-ranking executives, i.e., the \u201cwhales.\u201d In these attacks, criminals often impersonate executives to other employees, hoping they won\u2019t question the phishing attempt due to the impersonated person\u2019s authority. This is also known as \u201cCEO email scam\u201d or \u201cCEO fraud.\u201d\u00a0<\/li>\n<\/ul>\n\n\n\n<p>An example of a whaling attack is the 2024 attack on a high-level staffer in the presidential campaign. The attack resulted in <a href=\"https:\/\/apnews.com\/article\/trump-campaign-hack-iran-phishing-b77458428a25e694a738a8c82219f271\" target=\"_blank\" rel=\"noreferrer noopener\">the leak of sensitive documents<\/a>.\u00a0<\/p>\n\n\n\n<p>There are lots of older examples too, like the attack on Snapchat\u2019s payroll department involving an <a href=\"https:\/\/money.cnn.com\/2016\/02\/29\/technology\/snapchat-phishing-scam\/index.html#:~:text=The%20incident%20took%20place%20on,reported%20it%20to%20the%20FBI\" target=\"_blank\" rel=\"noreferrer noopener\">email<\/a> that looked like it came from the company\u2019s CEO (Evan Spiegel), asking for current and former employees\u2019 payroll information.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"872\" height=\"726\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/snapchatceoemailscam-2.png\" alt=\"Snapchat CEO email scam headline\" class=\"wp-image-17256\" style=\"width:512px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/snapchatceoemailscam-2.png 
872w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/snapchatceoemailscam-2-300x250.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/snapchatceoemailscam-2-768x639.png 768w\" sizes=\"(max-width: 872px) 100vw, 872px\" \/><\/figure>\n\n\n\n<p>Believing the email to be legitimate, the employee complied with the request. The result? Multiple employees\u2019 personal information was shared with criminals.&nbsp;&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Executive Spear Phishing<\/h3>\n\n\n\n<p>Executive spear phishing is a subset of spear phishing, which is a targeted phishing attack that\u2019s tailored to a specific role or person. Executive spear phishing is a phishing attack that\u2019s explicitly tailored and personalized to an executive.&nbsp;<\/p>\n\n\n\n<p>For example, in 2015, a finance executive at the toymaker Mattel received an email <a href=\"https:\/\/www.csoonline.com\/article\/555513\/chinese-scammers-take-mattel-to-the-bank-phishing-them-for-3-million.html#:~:text=On%20April%2030%2C%202015%20a,request%2C%20but%20checked%20protocol%20anyway\" target=\"_blank\" rel=\"noreferrer noopener\">pretending to be from the new CEO<\/a>, urgently requesting a wire transfer to a new vendor in China\u200b. 
The executive thought the request was real and performed a $3 million transfer to a Chinese bank account\u200b.<\/p>\n\n\n\n<p>The fraud was only discovered after the executive mentioned the payment to the real CEO, who denied ever authorizing it\u200b.&nbsp;<\/p>\n\n\n\n<p>Fortunately for Mattel, the next day after the transfer, there was a bank holiday in China, which delayed the funds and led to Mattel recovering the entire $3 million.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Executive Cell Phone Phishing Scams<\/h3>\n\n\n\n<p>Executive cell phone phishing scams are also on the rise, with cybersecurity researchers <a href=\"https:\/\/siliconangle.com\/2024\/12\/18\/zimperium-warns-growing-threat-sophisticated-mobile-phishing-attacks-targeting-executives\/\" target=\"_blank\" rel=\"noreferrer noopener\">warning to watch out for mobile phishing threats<\/a>.\u00a0<\/p>\n\n\n\n<p>It is an attack that targets executives via their work or personal mobile phones.&nbsp;<\/p>\n\n\n\n<p>Executives either receive calls (an attack known as &#8220;vishing&#8221;) from criminals or receive fake messages (known as &#8220;smishing&#8221;) meant to manipulate them into revealing confidential information or doing something that will compromise the security of an organization.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"phishing-email-training-for-executives\">Phishing Email Training for Executives<\/h2>\n\n\n\n<p>Phishing email training for executives is important, but training won&#8217;t stop executive phishing attacks.&nbsp;<\/p>\n\n\n\n<p>In general, phishing and security awareness training isn\u2019t something that most employees are thrilled about. 
Executives, who have busy schedules, are no exception.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Of employees who receive security awareness training, <a href=\"https:\/\/go.dashlane.com\/q1-state-of-credential-security.html\" target=\"_blank\" rel=\"noreferrer noopener\">one in five<\/a> (22%) admit they would rather be stuck in rush-hour traffic than attend it.<\/li>\n\n\n\n<li><a href=\"https:\/\/go.dashlane.com\/q1-state-of-credential-security.html\" target=\"_blank\" rel=\"noreferrer noopener\">One in ten<\/a> (11%) of those receiving security awareness training say they would prefer a root canal.<\/li>\n<\/ul>\n\n\n\n<p>Phishing email training is not effective against the personalized phishing campaigns that tend to target executives.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"executive-phishing-personal-data\">Executive Phishing Personal Data<\/h2>\n\n\n\n<p>Personal information plays a key role in executive phishing attacks.&nbsp;<\/p>\n\n\n\n<p>By personalizing their phishing campaigns with executives\u2019 personal details, attackers can create very targeted, customized messages that are more believable and more likely to succeed.&nbsp;<\/p>\n\n\n\n<p>Take a look at the following <a href=\"https:\/\/www.reddit.com\/r\/Scams\/comments\/1crxafa\/sophisticated_workplace_phishing_scam_almost\/\" target=\"_blank\" rel=\"noreferrer noopener\">executive phishing email<\/a>.\u00a0<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"717\" height=\"1024\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/executivephishingemail-717x1024.png\" alt=\"Reddit post about a sophisticated workplace phishing scam targeting an executive \" class=\"wp-image-17257\" style=\"width:526px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/executivephishingemail-717x1024.png 717w, 
https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/executivephishingemail-210x300.png 210w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/executivephishingemail-768x1096.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/executivephishingemail.png 814w\" sizes=\"(max-width: 717px) 100vw, 717px\" \/><\/figure>\n\n\n\n<p>The attacker impersonated a senior software engineer to the company\u2019s CEO, asking them to change their direct deposit details.&nbsp;<\/p>\n\n\n\n<p>Note how the attacker knew and used:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>The software engineer\u2019s name and role.<\/li>\n\n\n\n<li>The company name.<\/li>\n\n\n\n<li>Their boss\u2019 name.\u00a0<\/li>\n\n\n\n<li>Their boss\u2019 work email.\u00a0<\/li>\n<\/ul>\n\n\n\n<p>The only red flag was the sender\u2019s email address.&nbsp;<\/p>\n\n\n\n<p>Attackers find executives\u2019 details through information on:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Social media profiles (e.g., LinkedIn, Facebook, etc.).<\/li>\n\n\n\n<li>Corporate websites (great for finding information on executives\u2019 roles and responsibilities).<\/li>\n\n\n\n<li>News articles, press releases, interviews, and conference speaker bios.<\/li>\n<\/ul>\n\n\n\n<p>And\u2026 data brokers.&nbsp;<\/p>\n\n\n\n<p><strong>Data brokers are a particularly dangerous source of executive personal information exposure. 
These companies collate executives\u2019 details from multiple different sources into one place, making reconnaissance much easier and faster.&nbsp;<\/strong><\/p>\n\n\n\n<p>Rather than having to piece bits of information from various different sources themselves (social media, public records, past data breaches, etc.), attackers can get it all in one place through data brokers.&nbsp;<\/p>\n\n\n\n<p>Unfortunately, the role that data brokers play in executive phishing attacks (and cybersecurity threats in general) is rarely talked about.<\/p>\n\n\n\n<p>To minimize executive phishing threats, it\u2019s more common to recommend security awareness training, email phishing protection solutions, and multi-factor authentication (MFA).&nbsp;<\/p>\n\n\n\n<p>While relevant and necessary, these controls can\u2019t stop personalized attacks.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"415\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/whyisitalwaysc-suitewhofallforphishing-1024x415.png\" alt=\"Reddit post - &quot;Why is it always C-suite who fall for phishing emails?&quot; \" class=\"wp-image-17258\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/whyisitalwaysc-suitewhofallforphishing-1024x415.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/whyisitalwaysc-suitewhofallforphishing-300x121.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/whyisitalwaysc-suitewhofallforphishing-768x311.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/whyisitalwaysc-suitewhofallforphishing.png 1368w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Data broker removal services can prevent executive phishing by making it harder for attackers to launch personalized attacks.&nbsp;<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">How Data Brokers Make Executive Phishing 
Easier&nbsp;<\/h3>\n\n\n\n<p>Executive phishing involves three steps: finding a high-profile target, researching the target, and creating the bait.&nbsp;<\/p>\n\n\n\n<p>Data brokers make each one of these steps easy.&nbsp;<\/p>\n\n\n\n<p>Here&#8217;s how data brokers enable each one of these three executive phishing steps:<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1. Finding a high-profile target\u00a0<\/h4>\n\n\n\n<p>Like any other spear phishing attack, executive phishing attacks start with cybercriminals finding specific individuals to phish.&nbsp;<\/p>\n\n\n\n<p>How does this happen? Well, thanks to a series of <a href=\"https:\/\/www.varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\">document leaks<\/a> from a prominent cybercriminal group, we know that threat actors use business data brokers to find potential targets&#8217; names, job roles, and contact information (email addresses, phone numbers, etc.).\u00a0<\/p>\n\n\n\n<p>These kinds of business data brokers are valuable because they provide lists of employees, including C-suite ones, for thousands of companies worldwide.&nbsp;<\/p>\n\n\n\n<p>On most B2B brokers, you can even filter employees by department and seniority:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"519\" height=\"1024\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfilters-519x1024.png\" alt=\"Data broker filters - search by department, seniority, job title, etc. 
\" class=\"wp-image-17259\" style=\"width:378px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfilters-519x1024.png 519w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfilters-152x300.png 152w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfilters.png 714w\" sizes=\"(max-width: 519px) 100vw, 519px\" \/><\/figure>\n\n\n\n<p>Other filtering options provided are organizations&#8217; financial data, i.e., reported revenues. This is a handy feature for financially-motivated attackers:&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"542\" height=\"577\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokercompanyrevenue.png\" alt=\"Data broker - search by organizations' financial data like reported revenues \" class=\"wp-image-17260\" style=\"width:388px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokercompanyrevenue.png 542w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokercompanyrevenue-282x300.png 282w\" sizes=\"(max-width: 542px) 100vw, 542px\" \/><\/figure>\n\n\n\n<h4 class=\"wp-block-heading\">2. Researching the target<\/h4>\n\n\n\n<p>Once attackers identify a target, they start their research. 
Here\u2019s the kind of information they can find about executives on data broker databases:&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Work experience and education<\/h5>\n\n\n\n<p>The profiles that business data brokers have on employees include a ton of exploitable information, like their work experience and education.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1021\" height=\"1024\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerprofessionalprofile-1021x1024.png\" alt=\"A professional's profile on a data broker website\" class=\"wp-image-17261\" style=\"width:587px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerprofessionalprofile-1021x1024.png 1021w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerprofessionalprofile-300x300.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerprofessionalprofile-150x150.png 150w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerprofessionalprofile-768x770.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerprofessionalprofile.png 1412w\" sizes=\"(max-width: 1021px) 100vw, 1021px\" \/><\/figure>\n\n\n\n<p>Knowing where an executive went to school and where they worked previously can help threat actors find a \u201chook\u201d for executive phishing campaigns.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Business org chart<\/h5>\n\n\n\n<p>Some business data brokers also show org charts for companies and employees, including for specific departments:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"822\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerbusinessorgchart-1024x822.png\" alt=\"Business org chart on a data broker\" class=\"wp-image-17262\" 
style=\"width:583px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerbusinessorgchart-1024x822.png 1024w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerbusinessorgchart-300x241.png 300w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerbusinessorgchart-768x616.png 768w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerbusinessorgchart-1536x1233.png 1536w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerbusinessorgchart.png 1600w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>Why does this matter?&nbsp;<\/p>\n\n\n\n<p>For an executive phishing attack to succeed, there needs to be a justifiable and valid context between the sender and the recipient.&nbsp;<\/p>\n\n\n\n<p>For this reason, executive phishing attacks that target C-level executives often seem like they come from other high-level employees. Knowing a company\u2019s internal structure makes it easier for scammers to choose the right individuals to impersonate.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Communication style<\/h5>\n\n\n\n<p>Business data broker profiles also include links to executives\u2019 social media pages like LinkedIn and Facebook. 
These often include other relevant information that threat actors can use to make their executive phishing campaigns look more believable.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"738\" height=\"282\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokersociallinks.png\" alt=\"Links to a professional's social media on a data broker profile \" class=\"wp-image-17263\" style=\"width:497px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokersociallinks.png 738w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokersociallinks-300x115.png 300w\" sizes=\"(max-width: 738px) 100vw, 738px\" \/><\/figure>\n\n\n\n<p>For example, executives\u2019 social media posts and comments can give attackers an indication of the executive\u2019s tone of voice.<\/p>\n\n\n\n<p>Threat actors can then match the language in their email to the language the executive likely uses.<\/p>\n\n\n\n<p>Today, criminals don\u2019t even have to do this manually. Instead, they can provide a sample of an executive\u2019s communications to <a href=\"https:\/\/www.csoonline.com\/article\/3685368\/study-shows-attackers-can-use-chatgpt-to-significantly-enhance-phishing-and-bec-scams.html\" target=\"_blank\" rel=\"noreferrer noopener\">AI chatbots<\/a> to create a message in their writing style, saving time and cutting down on potential mistakes.\u00a0<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Family members<\/h5>\n\n\n\n<p>Cybercriminals are not limited to professional data when it comes to information gathering.&nbsp;<\/p>\n\n\n\n<p>In addition to business data brokers, there are also \u201cregular\u201d data brokers, commonly known as people search sites. 
These data brokers have more sensitive data about individuals, including details about their family members and marital status.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"714\" height=\"880\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfamilymembers.png\" alt=\"Family member information on a person's people search site profile \" class=\"wp-image-17264\" style=\"width:509px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfamilymembers.png 714w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokerfamilymembers-243x300.png 243w\" sizes=\"(max-width: 714px) 100vw, 714px\" \/><\/figure>\n\n\n\n<p>Depending on the context of the phishing email, it might make sense for cybercriminals to include this information as proof that they are trustworthy.&nbsp;<\/p>\n\n\n\n<h5 class=\"wp-block-heading\">Social profiles<\/h5>\n\n\n\n<p>Some data brokers also include links to people\u2019s professional and personal social media profiles like LinkedIn, Facebook, Instagram, etc.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"720\" height=\"934\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokersocialprofiles.png\" alt=\"A person's social profiles on their people search site profile \" class=\"wp-image-17265\" style=\"width:488px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokersocialprofiles.png 720w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/databrokersocialprofiles-231x300.png 231w\" sizes=\"(max-width: 720px) 100vw, 720px\" \/><\/figure>\n\n\n\n<p>Based on the kind of information executives share on their social accounts, this could give cybercriminals even more data to play with.&nbsp;<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3. 
Creating the bait<\/h4>\n\n\n\n<ol start=\"3\" class=\"wp-block-list\"><\/ol>\n\n\n\n<p>When a threat actor gathers enough personal information about their target, they can use social engineering tactics to create a convincing executive phishing campaign.&nbsp;<\/p>\n\n\n\n<p>This can come in the form of a phishing email, phone call, or social media\/text message.<\/p>\n\n\n\n<p>Whatever a cybercriminal\u2019s goal\u2014tricking the executive into handing over sensitive data (login credentials, bank account or credit card details, etc.), deploying malware (for example, ransomware), or authorizing a fraudulent wire transfer\u2014they are likely to succeed.&nbsp;<\/p>\n\n\n\n<p>That is, as long as they have thoroughly researched their target and picked a trusted person to imitate.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/www.scmagazine.com\/news\/identity-and-access\/executives-are-four-times-more-likely-to-be-victims-of-phishing-than-workers\" target=\"_blank\" rel=\"noreferrer noopener\">More than one in three<\/a> business leaders say they have clicked on a phishing link.\u00a0<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"ai-generated-phishing-scams-increasingly-target-corporate-executives\">AI-Generated Phishing Scams Increasingly Target Corporate Executives<\/h2>\n\n\n\n<p>AI is making executive phishing faster and more effective.&nbsp;<\/p>\n\n\n\n<p>Criminals are using AI to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Find and analyze large amounts of publicly available data about executives and the organizations they work for. <\/strong>This dramatically decreases the amount of time it takes to build a detailed target profile. 
A <a href=\"https:\/\/arxiv.org\/abs\/2412.00586?ref=hackernoon.com\" target=\"_blank\" rel=\"noreferrer noopener\">Harvard study<\/a> found that AI models can collect accurate and useful data on individuals in 88% of cases.\u00a0<\/li>\n\n\n\n<li><strong>Identify details, like a target executive\u2019s writing style or network of colleagues, <\/strong>which allows them to personalize messages with context that would be difficult to piece together manually. We know from <a href=\"http:\/\/varonis.com\/blog\/contileaks\" target=\"_blank\" rel=\"noreferrer noopener\">leaked criminal chat transcripts<\/a> that attackers look for contacts to \u201cname drop\u201d within their phishing campaigns to make them look more believable.\u00a0<\/li>\n\n\n\n<li><strong>Translate phishing messages into the executive\u2019s native language,<\/strong> improving credibility and imbuing messages with local cultural references. That same Harvard study quoted above found that AI-generated phishing emails saw a 54% click-through rate &#8211; the same as emails written by humans and higher than arbitrary phishing emails (12% click-through rate).\u00a0<\/li>\n<\/ul>\n\n\n\n<p>In other words, AI has turned what used to be highly tailored, one-off phishing campaigns (i.e., the very definition of executive phishing) into attacks that can be done at scale.&nbsp;<\/p>\n\n\n\n<p>Executives everywhere are feeling the brunt, including at large enterprises.&nbsp;<\/p>\n\n\n\n<figure class=\"wp-block-image size-full is-resized\"><img loading=\"lazy\" decoding=\"async\" width=\"921\" height=\"934\" src=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/aiphishingscamstargetexecutives-2.png\" alt=\"Financial Times headline - &quot;AI-generated phishing scams target corporate executives&quot; \" class=\"wp-image-17266\" style=\"width:540px;height:auto\" srcset=\"https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/aiphishingscamstargetexecutives-2.png 921w, 
https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/aiphishingscamstargetexecutives-2-296x300.png 296w, https:\/\/joindeleteme.com\/wp-content\/uploads\/2023\/04\/aiphishingscamstargetexecutives-2-768x779.png 768w\" sizes=\"(max-width: 921px) 100vw, 921px\" \/><\/figure>\n\n\n\n<p>E-commerce group eBay and British insurer Beazley have noted a rise in executive phishing campaigns that include personal information, more than likely obtained via AI analysis of online data.<\/p>\n\n\n\n<p><em>\u201cThis [executive phishing] is getting worse and it\u2019s getting very personal, and this is why we suspect AI is behind a lot of it. We\u2019re starting to see very targeted attacks that have scraped an immense amount of information about a person,\u201d <\/em>said Kirsty Kelly, Beazley\u2019s chief information security officer, in <a href=\"https:\/\/www.ft.com\/content\/d60fb4fb-cb85-4df7-b246-ec3d08260e6f\" target=\"_blank\" rel=\"noreferrer noopener\">a Financial Times article<\/a>.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"executive-phishing-prevention-requires-executive-data-removal-from-common-information-exposure-sources\">Executive Phishing Prevention Requires Executive Data Removal from Common Information Exposure Sources&nbsp;<\/h2>\n\n\n\n<p>Personal information is the fuel that drives effective executive phishing.<\/p>\n\n\n\n<p>Knowledge of an executive\u2019s life and network helps attackers create highly targeted executive phishing campaigns.&nbsp;<\/p>\n\n\n\n<p><a href=\"https:\/\/joindeleteme.com\/business\/\" target=\"_blank\" rel=\"noreferrer noopener\">Executive data removal<\/a> from common information exposure sources, particularly data brokers, makes cyber criminals&#8217; jobs harder and can reduce the risk that phishing attacks create for executives.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Learn how attackers exploit executives\u2019 personal data and discover proven strategies to prevent executive phishing 
attacks.<\/p>\n","protected":false},"author":16,"featured_media":7872,"menu_order":0,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"b2b-category":[45],"class_list":["post-7858","b2b-post","type-b2b-post","status-publish","format-standard","has-post-thumbnail","hentry","b2b-category-resources"],"acf":[],"_links":{"self":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7858","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post"}],"about":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/types\/b2b-post"}],"author":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/users\/16"}],"version-history":[{"count":0,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-post\/7858\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media\/7872"}],"wp:attachment":[{"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/media?parent=7858"}],"wp:term":[{"taxonomy":"b2b-category","embeddable":true,"href":"https:\/\/joindeleteme.com\/wp-json\/wp\/v2\/b2b-category?post=7858"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}