Now that’s targeted phishing

I recently received an interesting targeted phishing message. It claimed to be from Voltage's CFO and asked me to download and run a program (malware) that it claimed would provide input into some sort of insurance paperwork that Voltage needs to fill out. This phishing mail was interesting because it claimed to be from our CFO and had our CFO's real contact information at the bottom of the message.

I was surprised by how targeted this phishing was. Voltage has lots of large customers. The last I heard, we have roughly 1,000 enterprise customers and about 10 million users of our technologies, so there are probably lots of people out there who wouldn't be surprised to get an email from Voltage's CFO. On the other hand, the number of people who could reasonably expect an email from Voltage's CFO is fairly small compared to the number of people who have accounts at Bank of America or Wells Fargo.

So while I can understand why a phisher might think that it's reasonable to send out millions of phishing emails in an attempt to trick a few of the BofA or Wells customers into giving up their username and password, I can't quite understand why a phisher would think that it's worth sending out targeted phishing emails in an attempt to get a few Voltage employees to install malware on their computers.

Maybe this really indicates that Voltage is more successful than I've heard. I remember seeing a press release recently that talked about how we had something like 70% revenue growth last year, are profitable, generating cash from operations, etc. Maybe we're really doing even better than that. Why else would phishers try such a targeted attack?

  • Rob Adams

    You can get corporate officer information by scraping sites like LinkedIn. Probably this was an automated system sending mail to @corporationname.com and scraping some corporate officer information to fill into a template.
