PRIME TARGETS

With adrenaline levels high, a staff member can easily act rashly by doing as the message asks and paying an invoice. However, sometimes such emails are from criminals attempting to steal money and are not, as they initially appear to be, from a top company executive.

Ryan Trost, co-founder and chief technology officer of the threat intelligence platform ThreatQuotient, encountered these scenarios earlier in his career when he managed a large security operations centre.

“An adversary was masquerading as a senior vice president and sent an email to several employees in our accounts payable department,” explains Trost.

“Although the fictitious email address was a Gmail account, the adversary was able to manipulate the email envelope field and include the VP’s real email address to better camouflage the attack.”

The email included a fake invoice and asked for a wire transfer to be expedited to avoid a steep late fee.

The spearfish was well crafted, being direct and authoritative with proper grammar, and the vice-president’s legitimate email signature. It went to all employees necessary to approve a wire transfer.

What gave the game away was that, at the bottom of the email, the vice president's nickname was not included as it should have been. As Trost puts it, “a minor but obvious nuance.”

“This personal level of detail is usually hard for adversaries to mimic and is commonly overlooked,” he adds.