Widespread Whaling Campaign Looks to Hook Fortune 500 Firms

A massive business email compromise (BEC) campaign is targeting Fortune 500 firms, using well-crafted, sophisticated phishing emails. According to the IBM X-Force Incident Response and Intelligence Services (IRIS), criminals of likely Nigerian origin are behind the widespread credential harvesting, phishing and social engineering initiative designed to steal financial assets. Beginning in the fall of 2017, X-Force IRIS started seeing a significant increase in clients reporting instances of fraud or attempted fraud via wire transfer payments. Attackers in these cases use stolen email credentials and solid social engineering tactics; there’s no need to infiltrate the corporate network to defraud a company, so the BEC scam involves little to no technical knowledge, malware or special tools.