Active Risk Alert: Firms Receiving Phishing Attempts from Compromised Internal Emails

Author

ACA Group

Publish Date

August 11, 2023

Type

Cyber Alert

Topics

Cybersecurity

Insights
Active Risk Alert: Firms Receiving Phishing Attempts from Compromised Internal Emails

On August 11th, ACA confirmed three financial services firms are experiencing phishing attacks using identical phishing emails and tactics. While the scope of these attacks is still unclear, it is likely that other firms in the industry will be targeted, and firms should notify their employees to be on heightened alert.

Example phishing email

The emails have all come from legitimate but compromised email accounts from within the firms, with a subject line: “Fund Distribution notice August 2023 | [COMPANY NAME REDACTED]”.

Below is a sample phishing email in circulation:

active phishing attempt email screenshot

Immediate action

In this instance, attackers are looking to capitalize on the fact that the email is coming from a known source, so recipients are more likely to trust that the message is safe and open the attachment. Because of this, firms should ensure their employees are made aware of the threat as soon as possible and are ready to react appropriately.

If an employee receives an unexpected email like the sample email above, they should:

Not click any links in the email or open any attachments. Immediately escalate the issue to the firm’s IT team.
Confirm the validity of the email by directly contacting the individual that appears to be sending the message.
Reach out to trusted cyber advisors and alert them to the issue.

Our guidance

It is crucial to educate employees on the dangers of phishing attempts, as well as the precautions they ought to take. These precautions include:

Never trust the “From” field in an email
Do not download attachments from an unsolicited source
Be cautious of alarmist email subject lines (e.g., “urgent”, “transfer”, “request”, etc.)
Create bookmarks for frequently visited websites to avoid visiting fake websites
Contact the IT department when in doubt of unknown and suspicious links
Validate email requests with callbacks to a contact you have on file, or visit a legitimate website to find a callback number

For more guidance on impersonated domains, click here to read ACA’s advice.

How we help

ACA provides services to help organizations tackle threats such as phishing:

Staff security training to educate all staff on industry best practices, cyber trends, and emerging threats.
Phishing testing to deploy a targeted email campaign to test employees’ ability to identify and handle phishing threats.
Penetration testing and vulnerability assessments to identify network vulnerabilities that can help reduce the risk of a breach and associated financial, operational, and reputational losses.

Learn more about our additional solutions here.

For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your trusted cyber advisor or contact us.