In this Barracuda Research post, we examine a recent attack against an organization that had no spear phishing protection in place. This incident demonstrates the dangers of using unauthenticated email for financial transactions.
The PC used by the controller at the company was infected with malware that echoed a copy of every email he received to an email address at a “free email” domain.
The thief at this unauthorized email account watched the controller’s emails for a short period of time before acting on them. Soon, there was an email concerning a transaction that was big enough to tempt the thief to strike.
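A defender-side check for the forwarding behaviour described above, added here as an example and not taken from the incident or from Barracuda: it flags mailboxes whose inbound mail reappears, within minutes and with the same subject, as outbound mail to a single free-mail address. The pipe-delimited log format, the `freemail.example` domain, the thresholds and the sample lines are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: placeholder domain; substitute your own free-mail domain list.
FREE_MAIL = {"freemail.example"}
WINDOW = timedelta(minutes=5)  # assumed max delay between receipt and echo

def find_echo_mailboxes(lines, min_ratio=0.8, min_inbound=3):
    """Return {mailbox: (external_address, ratio)} for mailboxes whose inbound
    mail is mirrored to one free-mail address shortly after arrival."""
    inbound = defaultdict(list)   # mailbox -> [(time, subject)]
    outbound = defaultdict(list)  # (mailbox, external rcpt) -> [(time, subject)]
    for line in lines:
        # Constructed format: ISO-time|direction|sender|recipient|subject
        ts, direction, sender, rcpt, subject = line.strip().split("|", 4)
        ts, sender, rcpt = datetime.fromisoformat(ts), sender.lower(), rcpt.lower()
        if direction == "in":
            inbound[rcpt].append((ts, subject))
        elif rcpt.rsplit("@", 1)[-1] in FREE_MAIL:
            outbound[(sender, rcpt)].append((ts, subject))
    flagged = {}
    for (mailbox, ext), sent in outbound.items():
        received = inbound.get(mailbox, [])
        if len(received) < min_inbound:
            continue
        # Count inbound messages that reappear outbound (subject may gain "Fwd: ").
        echoed = sum(
            any(s_sub.endswith(r_sub) and timedelta(0) <= s_ts - r_ts <= WINDOW
                for s_ts, s_sub in sent)
            for r_ts, r_sub in received)
        ratio = echoed / len(received)
        if ratio >= min_ratio and ratio > flagged.get(mailbox, ("", 0))[1]:
            flagged[mailbox] = (ext, ratio)
    return flagged

# Constructed sample log lines (not from the incident).
SAMPLE = [
    "2024-01-08T09:00:00|in|vendor@supplier.example|controller@corp.example|Invoice 1041",
    "2024-01-08T09:00:20|out|controller@corp.example|drop@freemail.example|Invoice 1041",
    "2024-01-08T10:15:00|in|bank@bank.example|controller@corp.example|Wire confirmation",
    "2024-01-08T10:15:30|out|controller@corp.example|drop@freemail.example|Fwd: Wire confirmation",
    "2024-01-08T11:30:00|in|ceo@corp.example|controller@corp.example|Q1 payment schedule",
    "2024-01-08T11:30:10|out|controller@corp.example|drop@freemail.example|Q1 payment schedule",
    "2024-01-08T12:00:00|in|hr@corp.example|alice@corp.example|Benefits update",
    "2024-01-08T12:05:00|in|it@corp.example|alice@corp.example|Password policy",
    "2024-01-08T12:10:00|in|vendor@supplier.example|alice@corp.example|Quote",
    "2024-01-08T12:11:00|out|alice@corp.example|friend@freemail.example|Lunch?",
]
```

This only sees copies that leave through a mail path you log; malware that sends the copies over its own channel has to be caught with endpoint or network telemetry instead.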