They are getting sneakier at this…
One of my customers is a small, high-tech firm. Their financial officer got an email from the company’s President, specifically to her asking for her to wire him a large sum of money, right away. The body of the email said something like:
I’m traveling and need you to wire me $260,500 immediately to ____ . I’ll fill you in on the details later, but I need you to send it right away.
It was completely personalized, marked urgent, written in grammatically correct English, and the From field had John’s correct email address (the SMTPOriginator and ReplyTo had a different email). Talk about targeting! Fortunately, she would never do that without speaking to him, but I could definitely imagine this working if the small company had an unpredictable boss.
To prevent this in the future, I’ve set their anti-spam service to block any inbound messages that say they are from their own email domain (since, those should only be going outbound).
Also, some of the emails used an email address where they added an extra lower-case “l” in the mail domain portion, in this case, butted up to an “h” — so it was barely noticeable. (ex. firstname.lastname@example.org was used as email@example.com ) . So, I also blocked several with similar domain misspellings.)
Thought others might want to be aware of this one, too.
I was speaking with another of one my customers ( a similar, small hi-tech firm) and they have also been hit with the same kinds of precisely targeted emails to their Accounts Payable person. In their case, the one email said it was from the president and a second attempt said it was from the CFO. They told me the one from the CFO “even sounded like the way she talks.”