Earlier this year, Symantec discovered an aggressive social engineering campaign targeting a limited set of multi-national firms in Europe. The attacks were by the book: they employed classic techniques and eventually netted the criminals vast sums of stolen funds.
In April, an administrative assistant working in a French-based multi-national firm received an email that referenced an invoice hosted in a file-sharing service (such as Dropbox). A few moments later, a person posing as a senior executive within the same firm — speaking flawless French — spoke with authority and requested that she process the invoice referenced in the email.
“Over the last few months, we’ve seen hackers use more multi-staged social engineering attacks to penetrate various organizations. [This recent] attack is a prime example of how one such group used several principles of influence to get the target to take an action they shouldn’t have,” said Chris Hadnagy of Social-Engineer, Inc., in an email to CSO.