Cybersecurity Alert: Personnel Involved in SEC Filings Targeted by Spear Phishing Attack

March 8, 2017

A spear phishing campaign that targets individuals involved in regulatory filings with the U.S. Securities and Exchange Commission ("SEC") was identified in late February 2017. The spear phishing emails have a spoofed sender of "EDGAR <>" with an attachment named "Important_Changes_to_Form10_K.doc." The attachment contains a malware-infected VBS script that installs a PowerShell backdoor that can be used to steal sensitive information from the infected machine.

For more information, see

ACA Aponix Guidance

ACA Aponix recommends taking the following precautionary measures to prevent malware infections via spear phishing emails:

  • Warn your staff about this attack and train them how to identify and prevent phishing and spear-phishing attacks;
  • Do not open attachments included in unsolicited emails;
  • Check links contained in emails by hovering over them before clicking; and
  • Make sure antivirus and anti-spyware software is up-to-date.

If you have any questions, please contact your ACA Aponix consultant or email us at