- V3 Apps
Criminals have been uncovered selling stolen business contact details of executives from Forbes 100 companies via a new online black market, with concerns that the information could be used to create credible phishing attacks.
Security firm Webroot reported finding the malicious campaign, centred around Microsoft Access files containing the contact information of executives at a number of prominent firms, on Friday.
"[We spotted an] underground market advertisement, which basically offers a Microsoft Access file of data belonging to executives within major companies [...] obtained primarily through valid business cards," wrote Webroot's Dancho Danchev.
"The inventory consists of 508 contacts of foreign companies based in Russia, and 380 contacts belonging to other companies."
The marketplace reportedly has the data from big name companies like Coca Cola, Credit Suisse, Mercedez-Benz, Bloomberg and Carlsberg for sale.
Webroot said the data could be used to create sophisticated phishing scams. Phishing messages are emails or texts that are designed to entice the user into downloading an infected attachment or clicking on a weblink that re-directs them to a malware download page.
Danchev said that with the information on offer, criminals would be able to create much more enticing messages, increasing the number of victims falling for the scam.
Phishing scams have become an increasing problem for businesses. Prior to the discovery of the new marketplace selling business cards, numerous security vendors have listed phishing as one of cyber criminals most-used attack strategies.
Most recently, FireEye listed spear phishing as the most common attack targeting industry, claiming it on average detects at least one attempt on a company's network every three minutes.