eSentire is reporting that a medium sized hedge fund with less than $1 billion under management was spearphished. The attackers were able to gain access to the CFO’s wire transfer capabilities. Using the wire transfer tools, the attackers made several small transfers to accounts in China, Russia and Turkey aggregating $1.5 million. How did they pull it off? The bait was probably an email instructing the victim to check their voicemail messages.
This unfortunate theft was triggered by employees who were tricked by deceptive emails. Yet again, we see that email is an ideal medium for attackers to deceive users into compromising systems. Every user with an email account is an inside man who is a potential unwitting accomplice to attackers. Letting users decide which emails are trustworthy is dangerous. Using SP Guard, IT can determine a list of trusted senders and provide this information to staff in a simple and highly effective manner. You can contact us at 408-727-6342,ext 3 or use our online form.