FYI from the FBI:
SPEAR-PHISHING ATTACK TARGETING THE PETROLEUM INDUSTRY
The following scheme has been reported and has targeted at least five petroleum companies. The perpetrators registered domain names closely resembling the domain names of the victim companies that were slightly misspelled. The perpetrators then sent targeted e-mails to individuals who were identified as having the ability to initiate a wire transfer within the company. The e-mails appeared legitimate, were sent to the correct person at the company, and had contact information for the requester (usually someone in the company with the authority to request a transfer). The victim company contacted the requestor at the number provided in the e-mail (instead of using information contained in an internal directory) and provided him/her with the information and documents required to initiate the transfer. The perpetrator completed the form and initiated the wire transfer.
http://www.ic3.gov/media/2013/130718-1.aspx
Threaded Mode
