Date: February 21, 2018
Description: IRIS has found that groups of Nigerian origin are harvesting credentials and using the harvested credentials to phish Fortune 500 companies in an attempt to steal financial assets. The most common attack is attempted wire fraud. The attackers have successfully used business emails (by spoofing addresses in a victim’s contact book or by inserting themselves into current email conversations) to convince accounts payable personnel at Fortune 500 companies to initiate wire transfers into attacker-controlled accounts. Millions have already been stolen in the current campaign.
The current campaign is especially dangerous due to the sophisticated nature of the social engineering tactics. By disguising themselves as users known to the victim and inserting themselves into current conversations, the attackers are able to convince even wary employees of their validity.
Beware of suspicious emails
Implement two-factor authentication for account logins, especially email accounts
Block auto-forwarding of emails outside of the network. This forces the attacker to log into the email account directly, increasing their chances of being detected.
Train users to recognize social engineering attacks and to verify any vendor request for an unusual wire transfer through a different medium than the one used to make the request
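To support the auto-forwarding recommendation above, the following added example (not part of the original advisory) audits exported mailbox rules for forwarding targets outside the organization. The rule field names, the internal domain list and the sample rules are constructed assumptions; the domain check shows why a plain suffix or substring match is not enough.

```python
from email.utils import parseaddr

# Assumption: domains the organization treats as "inside the network".
INTERNAL_DOMAINS = {"corp.example", "mail.corp.example"}

# Constructed sample of exported mailbox rules (field names are hypothetical).
SAMPLE_RULES = [
    {"mailbox": "ap.clerk@corp.example", "rule": "archive",
     "forward_to": ["Archive <archive@mail.corp.example>"]},
    {"mailbox": "cfo@corp.example", "rule": "sync",
     "forward_to": ["backup@corp.example.attacker.test"]},
    {"mailbox": "buyer@corp.example", "rule": "vendor-cc",
     "forward_to": ["team@CORP.EXAMPLE", "drop@freemail.test"]},
    {"mailbox": "hr@corp.example", "rule": "broken",
     "forward_to": ["not-an-address"]},
]

def domain_of(address):
    """Return the lowercased domain of an address, or None if unparseable."""
    _, addr = parseaddr(address)
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()  # tolerate a trailing root dot

def is_internal(domain, internal=INTERNAL_DOMAINS):
    """Match the exact domain or a true subdomain, never a bare suffix."""
    return any(domain == d or domain.endswith("." + d) for d in internal)

def external_forwards(rules, internal=INTERNAL_DOMAINS):
    """Return (mailbox, rule, target, reason) for every target to review."""
    findings = []
    for r in rules:
        for target in r.get("forward_to", []):
            dom = domain_of(target)
            if dom is None:
                findings.append((r["mailbox"], r["rule"], target, "unparseable"))
            elif not is_internal(dom, internal):
                findings.append((r["mailbox"], r["rule"], target, "external"))
    return findings

if __name__ == "__main__":
    for finding in external_forwards(SAMPLE_RULES):
        print(*finding, sep="\t")
```

Targets that cannot be parsed are reported rather than skipped, so a malformed rule never passes the audit silently.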