Advised to block all traffic to/from specific IP addresses

Çağlar Arlı

My CFO received an email from a director at a financial institution advising that all traffic (inbound and outbound) from certain IP addresses should be blocked at the firewall. The director at the financial institution was advised by his IT department to send this mail. The list of addresses (about 40) was in an attached, password-protected PDF. The password was sent to my CFO by text message.

I initially thought this was a malicious attempt to get our CFO to open an infected PDF, or a phishing/whaling attempt, but it seems legit. We have spoken to the IT department at the FI and they say it's genuine, but they can't (won't) provide any more information. Due to the nature of the relationship between my company and the FI, refusing isn't really an option. From what I can see most of the IP addresses appear to belong to tech companies.

Does this approach strike you as suspicious? Is there some social engineering going on here? What could the nature of the threat be?