Yar, thar she blows: Corp-cash-stealing email whaling attacks now a $12.5bn industry


Two factor of sorts can work here

<<email received>>

Give lots of $$$$ to Legit Business today please

<<approach/ring boss>>

Hey boss, I got your email, shall I give lots of $$$$ to Legit Business?



FWIW - I cant think of a place I've worked where a simple email was enough to transfer funds or approve expenses. Most needed the boss types to login to some kind of online portal/system to approve. Of course this can be compromised too, but that's another matter.

