
Business Email Compromise

Last week or so, I read the Symantec Security Response blog, talking about Business Email Compromise. Short version: it talks about campaigns targeting C-level employees to try and do wire transfers. There were 2 types. One is the CEO emailing another C-level because he’s stuck in meetings and needs a wire transfer. The other version is an email about an acquisition that hasn’t been announced yet.

The blog linked above has screenshot examples.

At my day job, I do occasionally work on phishing emails. While the Symantec article was good, it is missing that the example emails are no longer going to the C-levels. While I haven’t seen the acquisition email yet, I have seen lots of the person-in-the-meeting email going around.

It isn’t just at the C-levels. I’m seeing emails claiming to be from VPs and Directors, sent to underlings, using the same comment about being tied up in meetings and needing the wire transfer done. Where I work, the C-levels are good at catching them and reporting them. The lower levels, however, have been fruitful targets, not realizing it is a phishing attempt and trying to comply.

We need to warn the lower-level people in positions to send money.