Novel Approaches to Phishing and Risks to Corporate Data

April 5, 2021 By Chris Beinecke

Swish Data, a member of the Defense Industrial Base (DIB) and actively engaged in maintaining the highest level of organizational cybersecurity, has been working diligently implementing the Cybersecurity Maturity Model Certification (CMMC) policies and practices. As we continuously evolve our capabilities under the Awareness and Training (AT) requirements, we regularly learn and share information within the Cybersecurity world. With that in mind, this blog will cover the latest phishing/corporate secret threat we have seen which appears to be a new take on the old playbook and potentially a very dangerous threat to organizations that have not trained users for this method.

On March 31st, 2021, Kevin Beaumont, a Senior Threat Intelligence Analyst at Microsoft shared the following on Twitter.

Traditionally, we think of Phishing as an enticement for users to enter credentials for Corporate applications on a misrepresented page that may mimic the targeted organization. These evolving methods appear to directly solicit corporate logins, for data mining purposes, from users on behalf of organizations with names like the following shared by @BushidoToken:

They fake legitimacy by presenting themselves as a proprietary platform for “workers with universal access to their income and work data and control over who uses this data, how and when.” Participation is voluntary and the usage of your corporate credentials is for the purpose of “running compatibility tests with the Work Accounts to further build and improve” the platform. In addition, upon successful corporate credential verification, the voluntary “phishee” will receive an up to $500 payment with monthly $25 payments for each additional month that the credentials are valid.

Multiple researchers joined in with similar campaigns targeting organizations such as Walmart, J.P. Morgan Chase, The Hartford, and T-Mobile. Additional similarly malicious domains are listed below:

Swish Data, like most organizations, maintains an “Acceptable Use” policy whose terms are provided as regular reminders. New methods of credential solicitation warrant emphasis and explanation to users both in the form of an alert as well as integration into the existing Cybersecurity Training programs. As a trusted advisor to customers deeply integrated with vendors in the security space, Swish Data proactively engages our vendors to ensure their platforms integrate mitigations where applicable.

Key Questions:

How are you preparing your work force for similar solicitations of access to corporate systems?

Can you currently quantify how many of your employees would fall for something similar?

Do you have disgruntled or terminated employees that maintain access to corporate systems that may be at risk?

If you are interested in a further discussion on this or any other security related topic, please contact our Swish security team at (703) 635-3324 or email