I have to admit, the phishing scammers that hit 100 Wall Street companies are clever ones. These crooks didn't just send out fake email willy-nilly. Now a hacker team is calling itself FIN4 and could be going after your computer.
You know how even some of the more clever phishing scams are easy to spot? FIN4 "innovates" by actually understanding their target before attacking.
Their objective was to trick their target into downloading snoopware that let would let hackers get an inside look at what stocks to buy.
Bonus tip: Three scams that can fool anybody.
To do that, they developed a pitch that's so clever it's almost scary.
Here's the email that let hackers exploit the stock market:
Subject: employee making negative comments about you and the company
From: [name]@[compromised company’s domain]
I noticed that a user named FinanceBull82 (claiming to be an employee) in an investment discussion forum posted some negative comments about the company in general (executive compensation mainly) and you in specific (overpaid and incompetent). He gave detailed instances of his disagreements, and in doing so, may have unwittingly divulged confidential company information regarding pending transactions. I am a longtime client and I do not think that this will bode well for future business. The post generated quite a few replies, most of them agreeing with the negative statements. While I understand that the employee has the right to his opinion, perhaps he should have vented his frustrations through the appropriate channels before making his post. The link to the post is located here (it is the second one in the thread):
Could you please talk to him?
Thank you for the assistance,
No broken English, no fake download links in the email and a statement that puts the victim on the defensive. Also, the FinanceBull82 username is almost laughable.
Hackers are getting smarter. While these hackers have only targeted Wall Street so far, other hackers are getting smarter too. Click here to see the phishing email that almost fooled a security expert with a Ph.D.