Hedge Fund Managers Targeted in New Phishing Campaign


A new spear phishing campaign is taking aim at hedge fund managers and private equity
fund advisors. Researchers have discovered emails made to look as though they’d been forwarded among a group of colleagues and claiming to contain information from the New York Stock Exchange about carried interest fees.

 “Carried interest is a particular topic of interest to hedge and private equity funds. It literally can be defined as an accounting process required submitting the return income to funds and its tax status is a subject of some debate, explains Spamfighter.com.”

The recipient is encouraged to open the included attachment, which appears to be a PDF file but is really a hidden executable. Once opened it installs a keylogger onto the unsuspecting victim’s computer. The keylogger then sends information about every keystroke to a remote server. Since hedge and private equity fund advisors handle accounts containing very large sums of money, it’s not surprising that phishing scammers are going after them. The days of phishers launching large scale generalized attacks hoping for few profitable “fish” in their nets are dwindling fast. Highly specialized and targeted attacks are their preferred MOs and such attacks are rising fast. Spam carrying malicious payloads is also rising as traditional spam sinks.

Spammers and scammers are after big paydays and have little patience for much else. They know people are becoming more and more educated about traditional spamming and phishing techniques and have been working hard to refine them and create more sophisticated means of attack.

Written by Sue Walsh


  1. Lisa S. · August 30, 2012

    Another example of a very professionally crafted phishing campaign. It looks so authentic, so I guess even users educated about the dangers of phishing will be easily mistaken and will open the email. I hope that hedge fund managers will learn about this particular attack and don’t become victims. It seems that today it is not enough to know about spam and phising in general but you need to know about particular campaigns that are hot at the moment – otherwise you can’t defend yourself.

  2. Matt Colonel · August 30, 2012

    This is one of the scariest news I’ve heard in a
    long while. Wow, these phishers are really going big time. Imagine, if they
    could access the personal details of these hedge fund managers, it wouldn’t be
    long before they can lure their clients who have hundreds of thousands or even
    millions of dollars in investment. By then this could probably be the biggest Internet
    scam of all time. I wonder what ICANN and even the government can say about
    this. I really hope they can something do about this ASAP before it’s too late.

  3. Stacy Johnson · August 30, 2012

    @Matt: You’re actually right, Matt. I’m scared
    myself. I don’t have any hedge funds, and I am not investing any money on these
    types of markets yet, but I’m planning too. Now I don’t know anymore. If these
    phishers can get hedge fund managers who are brilliant meticulous people, I
    wouldn’t be surprised if they can also do the same trick with other portfolio managers
    such as those taking care of mutual funds and bonds. I’ve heard ICANN is
    offering exclusive domains for huge companies for hundreds of thousands of
    dollars. So sad it seems they don’t have such offer to other groups of people vulnerable
    to phishing too.

  4. Lourdes Ford · August 31, 2012

    Well, I’ve already foreseen this. Sooner or later these scammers are going to get very crafty, and the more they feel confident, the more they have the power to attack the big ones, such as those that invest and keep track of invested money. As expeced, the main potential victims are the rich, those who decide to hire these hedge fund managers to monitor their accounts. I know hedge fund managers are well paid, but why settle for just the fry when you can have the big fish? Now that this has come to attention, everyone should be extremely vigilant on any suspicious mails and websites.

  5. Desmond · August 31, 2012

    This is actually very timely. I just talked to my
    hedge fund manager, and I don’t think he even knows about it! Anyway, I trust the
    guy since he also has a good background in IT, and definitely he knows a lot
    about phishing. But still he has to be forewarned. I’ll be forwarding this link
    to him in a while. Anyway, I share the sentiments of some here. Truly these
    scammers are becoming bolder! But is it because there’s still no reliable way
    on how to defeat them or even keep them “out of business” for a very long time?

  6. Manny Diggs · September 8, 2012

    Spammers and phishers these days are truly getting craftier on how they do things. The worse thing is it seems like all our efforts are in vain. Just by reading some of the posts here, it seems they bounce back very fast and sometimes with a vengeance. I am planning to be a hedge fund manager myself so this one is definitely troubling. I don’t have a lot of information of what phishing and spamming really is, more so on how to beat them. I may not be able to properly protect my client because of the lack of more information.

Leave A Reply