Cyber thieves stealing insider information to play stocks

In an effort to successfully play the stock markets, cyber thieves are stealing insider information from senior executives’ email accounts.

‘Fin4’, a hacking group, has reportedly been using phishing techniques to get hold of insider information from senior executives, lawyers, regulatory staff and internal risk assessors.

The group is believed to have been operating since 2013 and has targeted more than 100 organisations, of which more than two-thirds are healthcare and pharmaceutical firms.

A blogpost on FireEye’s website said: “Fin4 probably focuses on these types of organisations because their stocks can move dramatically in response to news of clinical trial results, regulatory decisions, or safety and legal issues”.

The method

After sending fake emails containing industry jargon and malicious Word and Excel documents, the thieves sit and wait for someone to fall for the scam and then go ahead and steal login information. The thieves can then use this to steal any information they feel will help them successful play the stock market.

These fake emails are much harder to spot compared to similar phishing emails. The group’s emails are complex and demonstrate that the group has a strong command of the English language, as well as knowledge of corporate finance.

FireEye published a report about Fin4, which mentioned several cases of the group targeting the majority of organisations involved in a particular deal so that it could keep an eye on how negotiations had developed. The group stole information relating to drug trials, ongoing legal cases and insurance rates in a bid to profit, the security firm said.

“Time to worry”

Sophisticated phishing attacks have the ability to severely harm an organisation. Alan Calder, founder and executive chairman of IT Governance, said: “Discovering that you have been the target of a large-scale phishing attack is hardly worth taking personally, but when you’ve been specifically targeted because of secret information you hold – then it’s time to worry.”

If you feel that you may have made a mistake and fallen for a phishing attack, then we recommend you contact your IT department immediately. If you are the IT department, then IT Governance recommends that you have up-to-date security software and run regular staff awareness training.