Fake Subpoenas Sent To CEOs For Social Engineering
An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"
My boss received one of these yesterday. Luckily he is one of the smarter people in this world and FW'd me the email (being the suspicious person he is). Personally I thought it was rather clever.
Also - I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words? Cause these subpoenas looked fairly good - but there were misspellings. Can't they just run the emails through Word or Open Office before they send them out?
snowulf.com
One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.
He's getting rather old, but he's a good mouse.