When ISC reader Josh realized that only five people at his firm had received the "legal threat" malware email that we reported on earlier, he started digging. The targeting of the bad guys had been spot on, all five recipients were in fact involved in the handling of money for Josh's employer, a large real estate firm. Two were in cash operations, two in accounts payable, and one in treasury/finance. After a couple minutes of googling, one potential culprit was found: All five staff members were maintaining profiles on LinkedIn, and had their profile proudly proclaim a job title that made it patently obvious that they had access to the firm's banking information.

Can any other of our readers corroborate this finding? If last week's "Legal Threat" email also only targeted 2-5 specific users in your firm, and the targeting was very precise, please let us know if you have any indication on where and how the bad guys could have gotten their intel.