A recent study of CEO impersonation showed that phishing in its various forms is a threat not just to the world’s top companies but also to the top CEOs.
The investigation of 2,157 domains and 652 subdomains containing the names of the top 100 CEOs on Glassdoor’s list revealed that:
These statistics prompted the questions:
Of the top 100 CEOs, the following had the highest number of registered domains:
The remaining 1,124 domains were distributed across the remaining 95 CEOs.
The top 5 CEOs in terms of number of subdomains, meanwhile, are:
The remaining 265 subdomains were distributed across the remaining 95 CEOs.
Of the 2,157 domains containing the top 100 CEOs’ names, only 2% are publicly attributable to the companies they’re part of based on WHOIS information.
While many organizations may already regularly monitor how their brands are used online to ensure these don’t get abused in malicious campaigns, not every company does. Bank of America is a great example of an organization that buys domains (e.g., bankofamerica4[.]com), even those that contain misspelled variants of its brand or company name, as part of its brand protection efforts.
Looking at the results for the top 100 CEOs, Bank of America CEO Brian T. Moynihan’s name appeared in only 24 domains and no subdomains. Among the domains containing the CEO’s name, 67% were owned by the bank. Bank of America could also be monitoring web properties whose domains contain its CEO’s name. That could be a good anti-BEC practice.
A similar attribution couldn’t be established for organizations like Apple, Milwaukee Tool, Fidelity Investments, and M&T Bank. What’s more, domains containing their CEOs’ names were flagged as “malicious” on Bambenek Consulting OSINT Data Feeds, Google Safe Browsing, and VirusTotal, including timcooktoo[.]com, stevenrichman[.]com, abbyjohnson[.]xyz, and renettejones[.]com. Interestingly, brianmoynihan[.]com (which could be related to Bank of America’s CEO) was also found to be malicious.
As this post showed, companies the world over may need to extend their brand protection efforts by adding their executives’ names to the list of trademarks, copyright terms, brand names, and all other web properties and digital assets they monitor. Domains with their respective CEOs’ names could be misused or abused in BEC scams targeting their employees, which would not only cost them financially but also tarnish their reputation.
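One way to apply the monitoring recommended above, as an added example that is not part of the original post: it scans a feed of hostnames for an executive's name and splits the matches by WHOIS registrant organization. The executive, company, hostnames and registrant values are constructed, and the WHOIS organization is assumed to have been retrieved already.

```python
import re

def name_variants(full_name, min_len=6):
    """Strings worth matching for one executive: firstlast, lastfirst, flast, full."""
    parts = [re.sub(r"[^a-z]", "", p) for p in full_name.lower().split()]
    parts = [p for p in parts if p]
    first, last = parts[0], parts[-1]
    variants = {first + last, last + first, first[0] + last, "".join(parts)}
    # Very short variants match too many unrelated hosts, so drop them.
    return sorted((v for v in variants if len(v) >= min_len),
                  key=lambda v: (-len(v), v))

def refang(host):
    """Undo common defanging such as name[.]com and normalise case."""
    return host.lower().replace("[.]", ".").replace("(.)", ".").strip(".")

def match_executive(host, full_name):
    """Return the longest name variant found in the host, or None."""
    labels = refang(host).split(".")[:-1]  # simplification: last label is the TLD
    # Join domain and subdomain labels and ignore hyphens/digits, so that
    # first-last, first.last and firstlast4 all reduce to the same string.
    squashed = re.sub(r"[^a-z]", "", "".join(labels))
    return next((v for v in name_variants(full_name) if v in squashed), None)

def triage(records, full_name, company_terms):
    """Split matching hosts into (owned, unattributed) by WHOIS registrant org."""
    owned, unattributed = [], []
    for host, registrant_org in records:
        variant = match_executive(host, full_name)
        if variant is None:
            continue
        org = (registrant_org or "").lower()
        bucket = owned if any(t in org for t in company_terms) else unattributed
        bucket.append((refang(host), variant))
    return owned, unattributed

# Constructed sample: hypothetical executive, company, hosts and WHOIS orgs.
SAMPLE = [
    ("jordanrivera[.]example", "Northwind Bank Corporation"),
    ("jordan-rivera-payroll.example", "REDACTED FOR PRIVACY"),
    ("login.jrivera.example", None),
    ("northwindbank4.example", "Northwind Bank Corporation"),
    ("riverside.example", ""),
]

if __name__ == "__main__":
    owned, unattributed = triage(SAMPLE, "Jordan A. Rivera", ["northwind bank"])
    print("company-owned:", owned)
    print("needs review: ", unattributed)
```

Hosts in the unattributed bucket are candidates for a reputation lookup and for inclusion in mail-filtering watchlists; a redacted or empty registrant is treated as unattributed rather than assumed benign.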
For more information on the intelligence gathered in this post or to run a joint security analysis, feel free to contact us.