Scammers Targeting Public Companies With Fake Emails From SEC
According to the FBI, Spear phishing is a “more mischievous type of phishing… [that] target select groups of people with something in common”
All of the observed intended recipients of the spear phishing campaign appeared to be involved with SEC filings for their respective organizations. Many of the recipients were even listed in their company’s SEC filings. The sender email address was spoofed as “EDGAR <firstname.lastname@example.org>” and the attachment was named “Important_Changes_to_Form10_K.doc”.
While the hackers’ intent is not certain, FireEye says the hackers “can profit from compromised organizations in several ways. If the attackers are attempting to compromise persons involved in SEC filings due to their information access, they may ultimately be pursuing securities fraud or other investment abuse. Alternatively, if they are tailoring their social engineering to these individuals, but have other goals once they have established a foothold, they may intend to pursue one of many other fraud types.“
Learn more HERE.