Ars Technica reports about a new spear phishing scam targeting Wall Street executives and other high value targets.
E-mails are sent from the accounts of people the target knows, and they discuss mergers, acquisitions, or other topics already in progress. The attackers often bcc other recipients to make it more difficult to detect the malicious e-mail. The messages appear to be written by native English speakers and often contain previously exchanged Microsoft Office documents that embed hidden malicious macros. This results in fraudulent e-mails that are extremely hard to detect, even by some people who have been trained to spot such phishing campaigns.
Are these new tactics being used to gain access to insider information that could give the perpetrators a trading advantage?