Phony Funds-Transfer Emails Targeting Companies

There has been an uptick in so-called whaling attacks against companies, and they have become more sophisticated, according to an alert from cloud email services company Mimecast. These attacks typically take the form of an email to someone in the financial area who is instructed to initiate a wire transfer, which if carried out will move funds to an account controlled by the perpetrator. The email appears to come from the CEO or other senior executive and often “conveys a sense of urgency.” These schemes are relatively low-tech, in the sense they do not require sophisticated malware, but they do require enough understanding of the business to couch a convincing order. Apparently that can often be gleaned from company or employee social media sites.