Cybersecurity Alert: Increased Vishing with Email Bombing

Across the financial services sector, we are seeing an increase in targeted “vishing” attempts against alternative investment managers and their employees. Attackers are combining these calls with a technique called “mail bombing”, and this multi-strategy approach is giving them greater success.

Vishing (voice phishing) involves impersonating someone (in these most recent cases, an IT support person) in order to gain the victim's trust and have them perform actions such as giving up credentials or installing remote access software on their computer.

The attackers launch a “mail bomb attack” before calling. The victim receives a large number of emails from legitimate domains like gmail.com and hotmail.com, which pass through spam filters with ease. Once the victim has watched this flood of emails arrive in their inbox, the fake call from an imposter IT team seems timely and acceptable.

Recommended Best Practices:

  • Follow your documented procedures to contact IT support and never rely on an inbound call to you unless you have other protections in place (such as a support PIN).
  • Do not be pressured by unusually urgent requests; IT will accept a call back.
  • Report suspicious emails (including a large increase in messages) to your IT team following the correct business procedure.
  • Take precautions not to share both your email address and phone number publicly.
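
For IT teams, the inbound burst described above shows up in mail logs before the phone call comes. The Python below is an added example, not part of the original alert: it flags any recipient who receives many messages from many distinct senders inside a short window. The log format, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed thresholds; tune them against your own baseline mail volume.
WINDOW = timedelta(minutes=10)
MIN_MESSAGES = 30
MIN_DISTINCT_SENDERS = 20

def parse_line(line):
    """Parse one 'ISO-timestamp,sender,recipient' record (constructed format)."""
    ts, sender, recipient = (f.strip() for f in line.split(","))
    return datetime.fromisoformat(ts), sender.lower(), recipient.lower()

def detect_mail_bombs(lines):
    """Return {recipient: time at which the burst thresholds were first crossed}."""
    recent = defaultdict(deque)  # recipient -> (timestamp, sender) pairs inside WINDOW
    alerts = {}
    for ts, sender, rcpt in sorted(parse_line(l) for l in lines if l.strip()):
        q = recent[rcpt]
        q.append((ts, sender))
        while ts - q[0][0] > WINDOW:  # drop messages older than the window
            q.popleft()
        senders = {s for _, s in q}
        if (rcpt not in alerts and len(q) >= MIN_MESSAGES
                and len(senders) >= MIN_DISTINCT_SENDERS):
            alerts[rcpt] = ts
    return alerts

def build_sample_log():
    """Constructed sample: a burst for one user, a normal trickle for another."""
    start = datetime(2024, 1, 15, 9, 0, 0)
    log = []
    # 40 messages in under 7 minutes, each from a different free-mail sender
    for i in range(40):
        domain = "gmail.com" if i % 2 == 0 else "hotmail.com"
        when = (start + timedelta(seconds=10 * i)).isoformat()
        log.append(f"{when},user{i}@{domain},analyst@example.com")
    # 12 messages spread over about 2 hours from 3 known senders
    for i in range(12):
        when = (start + timedelta(minutes=10 * i)).isoformat()
        log.append(f"{when},colleague{i % 3}@example.com,pm@example.com")
    return log

if __name__ == "__main__":
    for rcpt, when in detect_mail_bombs(build_sample_log()).items():
        print(f"possible mail bomb: {rcpt} at {when.isoformat()}; "
              "warn the user about unsolicited 'IT support' calls")
```

An alert from this check is a cue to contact the affected user through your documented support channel before an imposter does.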

In case of doubt, reach out to your Drawbridge point person.
