Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Subpoenas Sent To CEOs For Social Engineering

Posted by kdawson on from the whale-fishing dept.

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"

6 of 112 comments (clear)

  1. Subpoena by *email* ?? by nurb432 · · Score: 5, Insightful

    If you fall for that you deserve to get taken.

    --
    ---- Booth was a patriot ----
    1. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 4, Insightful

      Actually my experience in Corperate IT, most C*O executives are dumb enough to open such items.

      Cripes most virus infections at corperations come from these dimrods.

    2. Re:Subpoena by *email* ?? by nomadic · · Score: 3, Insightful

      One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

      If you're an experienced executive you should at least realize that you need to be served with a subpoena, and e-mail isn't a valid method of service (yet). Oh well, business majors aren't known for their intellectual sharpness...

  2. You already have real problems. by Cajun+Hell · · Score: 5, Insightful

    So, first and foremost, don't click on such links.

    If clicking a link poses even the slightest risk, you need to replace your software ASAP.

    Websites don't "run" malware; users download and install malware with execution privileges. Or their defective user agents do it for them. CEOs don't need defective user agents. I'm not sure who does.

    --
    "Believe me!" -- Donald Trump
  3. Hmmm.... by Otter · · Score: 2, Insightful
    If you're the CEO of a major corporation (or the admin who reads and prioritizes his email for him), you're crazy to be clicking on something like that even if it were guaranteed to be real. That's what you have a legion of lawyers for.

    Clever scheme, though.

    --
    What I'm listening to now on Pandora...
  4. easily done by locokamil · · Score: 2, Insightful

    I don't know about other industries, but in the financial industry (as far as I know) employees are required to have an address of format [name1.name2]@[company domain].

    Makes for easy spamming...