BEC Campaign Impersonates Boss Requesting Meeting Change

GreatHorn discovered a widespread business email compromise (BEC) phishing campaign that targets employees across multiple industries and organizations by impersonating senior executives via email spoofing. The threat actors claim that a planned board meeting needs to be rescheduled and ask recipients to participate in a Doodle poll to choose a new date. The polling link actually redirects users to an Office 365 credential theft site, and any information entered there is sent to the threat actors. Using the stolen credentials, threat actors could gain access to highly sensitive data and perpetuate their malicious campaign.

The NJCCIC strongly recommends never opening attachments or using links provided in unsolicited emails to visit websites requiring the input of account credentials. Users who receive unexpected or unsolicited requests from known senders inviting them to click on a link or open an attachment should always verify the sender via another means of communication before taking any action. We recommend reviewing GreatHorn’s post for more details about this phishing campaign.
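A mail-filter style check for the two traits described above (an executive's name on a spoofed sender, and a link presented as a Doodle poll that does not lead to Doodle), as an added example that is not from GreatHorn or the NJCCIC. The organization domain, executive names, finding labels and sample message are constructed assumptions, as is the premise that the link text mentions Doodle.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumptions for illustration: hypothetical organization, executives and labels.
ORG_DOMAIN = "example.com"
EXECUTIVES = {"jane doe", "john smith"}
POLL_HOSTS = ("doodle.com",)  # hosts a genuine Doodle link would use
LINK_RE = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)

# Constructed sample message (not taken from the campaign).
SAMPLE = """\
From: "Jane Doe" <jane.doe@example.net>
To: employee@example.com
Subject: Board meeting rescheduled
Authentication-Results: mx.example.com; dmarc=none
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>Please pick a new date: <a href="https://polls.example.org/b/123">Doodle poll</a></p>
"""

def html_parts(msg):
    """Yield the decoded text of every text/html part in the message."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            yield part.get_payload(decode=True).decode(charset, "replace")

def check_message(raw):
    """Return a list of findings for executive impersonation and fake poll links."""
    msg = message_from_string(raw)
    findings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if name.strip().lower() in EXECUTIVES:
        auth = msg.get("Authentication-Results", "").lower()
        if domain != ORG_DOMAIN:        # executive's name on an outside address
            findings.append("exec-display-name-external-sender")
        elif "dmarc=fail" in auth:      # own domain in From, but unauthenticated
            findings.append("exec-address-failed-dmarc")
    for html in html_parts(msg):
        for href, text in LINK_RE.findall(html):
            host = (urlparse(href).hostname or "").lower()
            genuine = any(host == h or host.endswith("." + h) for h in POLL_HOSTS)
            if "doodle" in text.lower() and not genuine:
                findings.append(f"poll-link-host-mismatch:{host}")
    return findings
```

Findings like these are triage signals for review or quarantine; they complement, and do not replace, verifying the request with the sender through another channel.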