The target: Angeles Investment Advisors, an asset manager based in Santa Monica, California
The take: The e-mail account of Michael Rosen, Chief Investment Officer, was compromised and used to send a bogus ‘bid for proposal’ link to his contacts.
The attack vector: While details have not been published at this time, it is likely that the initial compromise of Rosen’s account was as a result of a targeted phishing attack. Once attackers had control of his e-mail account, they were able to send a malicious attachment to his contact list, and even responded to individuals who questioned the legitimacy of the e-mail – assuring them that attachment was safe, and that they should open it post-haste.
One of the most insidious risks in an e-mail compromise is that the compromised account will be used as a pivot point, and that the trust in that individual will be exploited for criminal gain. These attacks highlight not only the need to ensure that technical controls are in place to prevent accounts from being compromised in the first place – but also the need to train staff to think critically about the content of messages they receive, and to confirm any suspicious communications or requests via a separate channel of communication.