Watch what you click.
Cyber scammers are using a new trick to get confidential corporate information: They are sending spoofed emails, purporting to be from the Securities and Exchange Commission, and aiming them at lawyers, compliance managers, and other company officials who file documents with the SEC.
The security company FireEye (FEYE) discovered the ruse in late February, when it intercepted suspicious emails targeted at companies in sectors ranging from transportation to banking to retail. FireEye, which set out its findings in a blog post, believes the scammers are likely to be an Eastern European criminal syndicate looking to make money by trading on inside information.
In some cases, FireEye says corporate executives did click on a fake Microsoft Word file included with the email. Here’s a screenshot of the email, which contains little text and appears to come from EDGAR, which is the name of the SEC’s filing service:
Those who clicked on instructions in the Word document granted the attackers access to internal corporate networks, though FireEye says, in the case of its customers, it was able to contain and evict the scammers within hours. (In many cases, the company says it was able to intercept them altogether.)
The reach of the scam, however, could be much broader than the activity detected by FireEye.
The email attacks in question, known as “spear-phishing,” are effective because they are addressed to specific people and appear to be from a legitimate source. In the case of the fake SEC emails, the targets included corporate officials with titles like SEC Reporting Manager and Senior Legal Specialist: the very people, in other words, who are responsible for securities filings and who could expect to receive an email from the SEC.
John Miller, a director of threat intelligence at FireEye, described the attackers as among “the most sophisticated financial actors” and said their methods were similar to hackers who targeted ATM machines and other parts of the banking system. He also warned the hacking tools they sought to install were particularly insidious.
“It’s the Swiss army knife of malware. It lets you do whatever you want to with the compromised system,” Miller said.
In response to whether it was familiar with the recent cyber-phishing campaign, a spokesperson for the SEC declined comment.