Spear-phishing criminals are taking a more relaxed approach to scamming businesses.

Instead of the usual one time email, the scammers are now starting a dialogue with their victims. They will send multiple emails, trying to reach a point where the victim is complacent. Often the email will ask simple questions such as "are you in your office."

Symantec researcher Binny Kuriakose noted: “The scammer starts off with one-liner emails saying “are you at your desk?” or “please respond if you are available in office today,” and tells the victim about the wire transfer only after receiving a response. Depending on the response received, the scammer would then ask what information is required to make the transfer.”

Often the attacker will then ask how the money will be transferred and says he will send an invoice once the funds are transferred.

The emails are crafted to sound like another bored executive until the attacker starts pushing for account information and finally asks for a set amount of money.

That is where the scam is complete.

Source: SCMagazine