Hackers this week took over the email account of Michael Rosen, chief investment officer of consulting and asset management firm Angeles Investment Advisors.
If you received an email from him inviting bids on a proposal, do not click on it.
Angeles is the latest known victim in a targeted phishing attack on institutional investors and service providers that has gone on since at least late September 2019. Other victims include executives at Vontobel Asset Management, the Kansas University endowment, Community Foundation of Texas, hedge fund Arena Investors, and financial public relations firm Hewes Communications.
Hackers apparently took over Rosen’s Angeles account Tuesday — as opposed to simply “spoofing” the address, or pretending a malicious email came from him.
The original message invited recipients to bid on an investment proposal and to click various links, which then asked for login information. When Institutional Investor reporter Alicia McElhaney replied to the email, hackers wrote back from Rosen’s account: “Hi Alicia, Thanks for checking in, the document was sent securely by me to you and it’s safe to open... Let me know what you think.”
This is unusual in phishing attacks, experts said, and signals the seriousness of the attackers’ intentions.
“These organizations have access to millions of dollars in liquid accounts,” Robert Capps of NuData Security told II in an earlier interview. “Institutional folks managing capital are used to getting wire transfers and moving money. By targeting high-level executives in the financial industry, attackers are then able to send out wire transfer requests to someone in accounts payable, and then money is wired out to third parties. Make one mistake, and it could cost millions of dollars.”
Angeles oversees $33.6 billion in assets, serving as a consultant for the majority of that while directly managing $5.2 billion, according to its website.
Director and partner Sandra Kridel confirmed the hack Tuesday by phone, and the company later followed up with apologetic emails to likely recipients.
“It has come to our attention that an unauthorized email was sent from Michael Rosen’s account with the subject line: Invitation to Bid-Angeles Investment Advisors,” the message said. “Michael Rosen and Angeles did NOT send this email, so please disregard it. If you did click on the link in the body of the email, we suggest you check with your IT department and have your computer scanned for any potential virus or malware.”
Human vigilance is the best line of defense for preventing attacks and controlling the damage afterwards, security experts said. And institutional investors should expect to be targeted, if they haven’t been already.