Active Risk Alert: Firms Receiving Phishing Attempts from Compromised Internal Emails
On August 11th, ACA confirmed that three financial services firms were experiencing phishing attacks using identical phishing emails and tactics. While the scope of these attacks is still unclear, other firms in the industry are likely to be targeted, and firms should notify their employees to be on heightened alert.
Example phishing email
The emails have all come from legitimate but compromised email accounts from within the firms, with a subject line: “Fund Distribution notice August 2023 | [COMPANY NAME REDACTED]”.
Below is a sample phishing email in circulation:
Immediate action
In this instance, attackers are looking to capitalize on the fact that the email is coming from a known source, so recipients are more likely to trust that the message is safe and open the attachment. Because the sending account is genuine rather than spoofed, the message carries the real sender’s name and address and is sent from the firm’s own mail infrastructure, so sender-authentication checks (SPF, DKIM, DMARC) pass and any controls keyed to external senders will not flag it. Because of this, firms should ensure their employees are made aware of the threat as soon as possible and are ready to react appropriately.
If an employee receives an unexpected email like the sample email above, they should:
- Not click any links in the email or open any attachments. Immediately escalate the issue to the firm’s IT team.
- Confirm the validity of the email by directly contacting the individual who appears to be sending the message, using a channel other than replying to the email (a phone call, or a chat message to a known account). The attacker controls the compromised mailbox and can answer a reply in the sender’s name.
- Reach out to trusted cyber advisors and alert them to the issue.
Our guidance
It is crucial to educate employees on the dangers of phishing attempts, as well as the precautions they ought to take. These precautions include:
- Never trust the “From” field in an email; as this campaign shows, a genuine internal address is no guarantee that the real owner sent the message
- Do not download attachments from an unsolicited source
- Be cautious of alarmist email subject lines (e.g., “urgent”, “transfer”, “request”, etc.)
- Create bookmarks for frequently visited websites to avoid visiting fake websites
- Contact the IT department when in doubt of unknown and suspicious links
- Validate email requests with callbacks to a contact you have on file, or visit a legitimate website to find a callback number
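The triage logic below is an added example written for this page, not ACA’s tooling or a capture from the alert. It parses exported .eml messages with Python’s standard email module and separates the case this alert describes (a genuine internal account, so the gateway’s SPF/DKIM/DMARC results pass) from a forged internal sender (authentication fails) and from a “pass” stamp that some other party inserted, which is why the “From” field and even an Authentication-Results header cannot be taken at face value. The firm domain example-fund.com, the gateway authserv-id mx.example-fund.com, the verdict names and the sample messages are all assumptions constructed for the example.

```python
"""Triage exported .eml messages for the lure in this alert.

Added example, not ACA's code. Assumptions (not from the alert): the firm's
mail domain is example-fund.com and its inbound gateway stamps
Authentication-Results with the authserv-id mx.example-fund.com.
"""
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

INTERNAL_DOMAIN = "example-fund.com"      # assumption: the firm's own mail domain
OUR_AUTHSERV_ID = "mx.example-fund.com"   # assumption: authserv-id our gateway stamps
# Subject line reported in the alert (the trailing firm name varies per target).
LURE_SUBJECT = re.compile(r"^Fund Distribution notice August 2023\b", re.IGNORECASE)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)


def parse_auth_results(msg: EmailMessage) -> dict:
    """Return the spf/dkim/dmarc results stamped by OUR gateway only.

    Any hop, or the attacker, can insert an Authentication-Results header, so a
    stamp under a different authserv-id is ignored. This relies on the gateway
    stripping pre-existing headers claiming its own authserv-id (RFC 8601).
    """
    results = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(str(value).split())          # unfold header whitespace
        authserv_id = value.split(";", 1)[0].strip().lower()
        if authserv_id != OUR_AUTHSERV_ID:
            continue
        for method, result in AUTH_RESULT.findall(value):
            results[method.lower()] = result.lower()
    return results


def triage(raw: str) -> dict:
    """Classify one raw RFC 5322 message against this campaign."""
    msg = message_from_string(raw, policy=policy.default)
    _, from_addr = parseaddr(str(msg.get("From", "")))
    from_domain = from_addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    auth = parse_auth_results(msg)
    attachments = [p.get_filename() or "<unnamed>" for p in msg.iter_attachments()]

    internal_sender = from_domain == INTERNAL_DOMAIN
    auth_failed = "fail" in auth.values()
    lure = bool(LURE_SUBJECT.search(subject)) and bool(attachments)

    if internal_sender and auth_failed:
        verdict = "spoofed-internal-sender"             # forged From; DMARC catches it
    elif internal_sender and auth["dmarc"] == "pass" and lure:
        # Real account on real infrastructure: every sender check passes. This is
        # the case in the alert; only an out-of-band callback to the sender resolves it.
        verdict = "likely-compromised-internal-account"
    elif lure:
        verdict = "lure-needs-review"                   # same lure, other sender
    else:
        verdict = "no-match"
    return {"from": from_addr, "subject": subject, "auth": auth,
            "attachments": attachments, "verdict": verdict}


def build_sample(from_hdr, subject, auth_results=None, attach=None) -> str:
    """Construct a sample .eml (test data for this example, not a real capture)."""
    m = EmailMessage()
    m["From"] = from_hdr
    m["To"] = "staff@example-fund.com"
    m["Subject"] = subject
    if auth_results:
        m["Authentication-Results"] = auth_results
    m.set_content("Please review the attached distribution notice.")
    if attach:
        m.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                         subtype="pdf", filename=attach)
    return m.as_string()


PASS = ("mx.example-fund.com; spf=pass smtp.mailfrom=example-fund.com; "
        "dkim=pass header.d=example-fund.com; dmarc=pass header.from=example-fund.com")
FAIL = ("mx.example-fund.com; spf=fail smtp.mailfrom=example-fund.com; "
        "dkim=none; dmarc=fail header.from=example-fund.com")
LURE = "Fund Distribution notice August 2023 | Example Fund"
SAMPLES = {  # constructed messages, not real captures
    "compromised": build_sample("Jane Doe <jane.doe@example-fund.com>", LURE, PASS,
                                attach="Distribution_Notice.pdf"),
    "spoofed": build_sample("Jane Doe <jane.doe@example-fund.com>", LURE, FAIL,
                            attach="Distribution_Notice.pdf"),
    # External sender that self-stamped a "pass" under a foreign authserv-id.
    "forged_stamp": build_sample("Jane Doe <notice@example-fund-mail.net>", LURE,
                                 "relay.attacker.test; dmarc=pass",
                                 attach="Distribution_Notice.pdf"),
    "benign": build_sample("Jane Doe <jane.doe@example-fund.com>",
                           "Lunch on Thursday?", PASS),
}


def triage_all(samples=SAMPLES) -> dict:
    return {name: triage(raw)["verdict"] for name, raw in samples.items()}


if __name__ == "__main__":
    for name, verdict in triage_all().items():
        print(f"{name:14} -> {verdict}")
```

The point of the “compromised” verdict is that nothing in the headers distinguishes it from a legitimate internal email; the script can only narrow the queue to messages matching the reported lure from an authenticated internal account, and the callback in the guidance above is what settles it. Run it over a mailbox export to find recipients who received the lure, then check those sending accounts for recent sign-ins, forwarding rules and sent items.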
For more guidance on impersonated domains, click here to read ACA’s advice.
How we help
ACA provides services to help organizations tackle threats such as phishing:
- Staff security training to educate all staff on industry best practices, cyber trends, and emerging threats.
- Phishing testing to deploy a targeted email campaign to test employees’ ability to identify and handle phishing threats.
- Penetration testing and vulnerability assessments to identify network vulnerabilities that can help reduce the risk of a breach and associated financial, operational, and reputational losses.
Learn more about our additional solutions here.
For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your trusted cyber advisor or contact us.