Active Risk Alert: Firms Receiving Phishing Attempts from Compromised Internal Emails


ACA Group

Publish Date


Cyber Alert

  • Cybersecurity

On August 11th, ACA confirmed three financial services firms are experiencing phishing attacks using identical phishing emails and tactics. While the scope of these attacks is still unclear, it is likely that other firms in the industry will be targeted, and firms should notify their employees to be on heightened alert.

Example phishing email

The emails have all come from legitimate but compromised email accounts from within the firms, with a subject line: “Fund Distribution notice August 2023 | [COMPANY NAME REDACTED]”.   

Below is a sample phishing email in circulation:

active phishing attempt email screenshot

Immediate action

In this instance, attackers are looking to capitalize on the fact that the email is coming from a known source, so recipients are more likely to trust that the message is safe and open the attachment. Because of this, firms should ensure their employees are made aware of the threat as soon as possible and are ready to react appropriately.

If an employee receives an unexpected email like the sample email above, they should:

  1. Not click any links in the email or open any attachments. Immediately escalate the issue to the firm’s IT team.
  2. Confirm the validity of the email by directly contacting the individual that appears to be sending the message.
  3. Reach out to trusted cyber advisors and alert them to the issue.

Our guidance

It is crucial to educate employees on the dangers of phishing attempts, as well as the precautions they ought to take. These precautions include:

  • Never trust the “From” field in an email
  • Do not download attachments from an unsolicited source
  • Be cautious of alarmist email subject lines (e.g., “urgent”, “transfer”, “request”, etc.)
  • Create bookmarks for frequently visited websites to avoid visiting fake websites
  • Contact the IT department when in doubt of unknown and suspicious links
  • Validate email requests with callbacks to a contact you have on file, or visit a legitimate website to find a callback number

For more guidance on impersonated domains, click here to read ACA’s advice.

How we help

ACA provides services to help organizations tackle threats such as phishing:

Learn more about our additional solutions here.

For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your trusted cyber advisor or contact us.

Contact us