Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Subpoenas Sent To CEOs For Social Engineering

Posted by kdawson on from the whale-fishing dept.

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"

32 of 112 comments (clear)

  1. Subpoena by *email* ?? by nurb432 · · Score: 5, Insightful

    If you fall for that you deserve to get taken.

    --
    ---- Booth was a patriot ----
    1. Re:Subpoena by *email* ?? by gnick · · Score: 3, Interesting

      One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

      --
      He's getting rather old, but he's a good mouse.
    2. Re:Subpoena by *email* ?? by WaltBusterkeys · · Score: 4, Informative

      Stranger things have happened, especially in cases where the events took place online. Normally you're right that service has to be done in person or by US mail.

      BUT, if the only known way to contact a defendant or witness is by email (if, for example, their real names or addresses are unknown), then a court can authorize that as an alternative form of service. It's up to the court to decide if email would give sufficient notice and other means are impractical.

      Here, of course, there's no reason to think that sending certified mail or a process server wouldn't work -- a corporate CEO isn't hard to find and service on a company can almost always be done through the state's secretary of state.

      But, that doesn't mean that electronic subpoenas are never possible, as you suggest.

    3. Re:Subpoena by *email* ?? by GoodbyeBlueSky1 · · Score: 2, Funny

      This sounds like baloney. Can you back this up with a link?

      --
      why? forty-two.
    4. Re:Subpoena by *email* ?? by WaltBusterkeys · · Score: 5, Informative
      Sure, here's an example of service by email:

      Plaintiffs Tishman and Wilkinson filed a lawsuit against defendant Pine, but had difficulty serving Pine with the summons. The plaintiffs tried the conventional methods of service under New York law, such as personal delivery. They even tried the "nailing and mailing" method by affixing a copy of the summons to the door of Pine's residence, then sending a copy in the mail.

      Tishman and Wilkinson had information, however, that led them to believe Pine was out of the country. . . They petitioned the court for permission to serve Pine by e-mail, pursuant to N.Y. C.P.L.R. Â308(5), which allows service by such manner as the court directs, when the more conventional methods are "impracticable."

      The court allowed service of the summons to an e-mail address Pine had used in a classified ad listing his house for sale. The court held that given the uncertainty about the success of the attempted "nailing and mailing" effort, and the fact that the Pine's attorneys wouldn't give a clear answer as to where Pine was living, alternative service by e-mail was appropriate.


      Most states have similar laws that allow service by any practical means if conventional methods fail.
    5. Re:Subpoena by *email* ?? by davidphogan74 · · Score: 2, Informative

      I received one from the a California state organization about 3 years ago due to a lack of other ways to locate me and give me a written notice. The written notice had no external links whatsoever, and simply asked me to contact them regarding the matter and included a PDF of the subpoena itself, along with corroborating evidence that would relate to it.

      A few phone calls and cross-checks with other resources later, it turned out to be valid.

    6. Re:Subpoena by *email* ?? by Anonymous Coward · · Score: 4, Insightful

      Actually my experience in Corperate IT, most C*O executives are dumb enough to open such items.

      Cripes most virus infections at corperations come from these dimrods.

    7. Re:Subpoena by *email* ?? by nomadic · · Score: 3, Insightful

      One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

      If you're an experienced executive you should at least realize that you need to be served with a subpoena, and e-mail isn't a valid method of service (yet). Oh well, business majors aren't known for their intellectual sharpness...

  2. You already have real problems. by Cajun+Hell · · Score: 5, Insightful

    So, first and foremost, don't click on such links.

    If clicking a link poses even the slightest risk, you need to replace your software ASAP.

    Websites don't "run" malware; users download and install malware with execution privileges. Or their defective user agents do it for them. CEOs don't need defective user agents. I'm not sure who does.

    --
    "Believe me!" -- Donald Trump
    1. Re:You already have real problems. by Anonymous Coward · · Score: 4, Informative

      CEOs should know better anyway. Start of process is with your registered agent, not your email address.

    2. Re:You already have real problems. by cynicsreport · · Score: 5, Funny

      So, first and foremost, don't click on such links.
      This is always good advice. For more information on how to avoid anonymous links, check out this website.
      --
      - Demosthenes
      cynicsreport.com
    3. Re:You already have real problems. by Lobster+Quadrille · · Score: 5, Funny

      I clicked it. It just says 'server not found'.

      If you're going to make a joke on slashdot, you gotta at least register the domain and build a website, or nobody will take you seriously.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    4. Re:You already have real problems. by Urza9814 · · Score: 2, Funny

      c'mon man! If you're gonna make a link, make it to a real website! As a Linux user, I enjoy visiting malware sites :)

    5. Re:You already have real problems. by Lobster+Quadrille · · Score: 3, Funny

      Good thing I used my CEO's computer to view it.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
    6. Re:You already have real problems. by GreyWolf3000 · · Score: 2, Funny

      He did. It's just that the link got slashdotted.

      --
      Slashdot: Where people pretend to be twice as smart as they really are by behaving like children.
    7. Re:You already have real problems. by matt+me · · Score: 2, Funny

      If you're going to make a joke on slashdot, you gotta at least register the domain and build a website, or nobody will take you seriously. I have not registered the domain and built a page there. The page appears identical to the firefox error page.
  3. Hmmm.... by Otter · · Score: 2, Insightful
    If you're the CEO of a major corporation (or the admin who reads and prioritizes his email for him), you're crazy to be clicking on something like that even if it were guaranteed to be real. That's what you have a legion of lawyers for.

    Clever scheme, though.

    --
    What I'm listening to now on Pandora...
    1. Re:Hmmm.... by iNaya · · Score: 3, Informative

      Pity his email is actually billg@microsoft.com

      --
      The Unicode standard is over 20 years old. Why does Slashdot not support it?
  4. Boss got this yesterday by ResQuad · · Score: 5, Interesting

    My boss received one of these yesterday. Luckily he is one of the smarter people in this world and FW'd me the email (being the suspicious person he is). Personally I thought it was rather clever.

    Also - I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words? Cause these subpoenas looked fairly good - but there were misspellings. Can't they just run the emails through Word or Open Office before they send them out?

    --
    snowulf.com
    1. Re:Boss got this yesterday by Anonymous Coward · · Score: 4, Funny

      Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words?
      We're really not supposed to talk about the hacker code in public, where n00bs might see.
    2. Re:Boss got this yesterday by tattood · · Score: 4, Funny

      The first rule of hacker code is - you don't talk about hacker code.

      --
      WTB [sig], PST!!!
    3. Re:Boss got this yesterday by XHIIHIIHX · · Score: 2, Informative

      I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell Yes there is. By mispelling [sic pun] a few words, you can confuse anti-spam filters that are looking for duplicate mass mailed documents or for specific words. Typical spamming programs will allow you to insert random chars (replace 1, l or ! for I) or will substitute some automatically.
    4. Re:Boss got this yesterday by pclminion · · Score: 2, Interesting

      Yes there is. By mispelling [sic pun] a few words, you can confuse anti-spam filters that are looking for duplicate mass mailed documents or for specific words. Typical spamming programs will allow you to insert random chars (replace 1, l or ! for I) or will substitute some automatically.

      That might help it get past the spam filter, but it certainly doesn't help it get past the "Me" filter. *I* will recognize the email as a phish based on a SINGLE misspelling. The problem isn't getting past the filters, the problem is convincing the user that the email is legitimate, and misspellings only hurt that cause.

    5. Re:Boss got this yesterday by XHIIHIIHX · · Score: 2, Informative

      Which doesn't matter if it doesn't get to the user in the first place.

  5. To be on the safe side ... by cpricejones · · Score: 2, Funny

    maybe they should post the email list so that all the CEOs out there know if that particular subpoena they received was real or not. So many subpoena emails to go through ...

  6. I have been saying this... by zappepcs · · Score: 2, Interesting

    Every time that I comment on a story about viruses and malware and security, I mention the fact that what is normally mentioned by antivirus vendors is junk used to scare up business.

    The real danger lies elsewhere. Stories like this and the cyber-war story about the US and China are the ones that you need to follow and think about.

    The chances that your company is already compromised by the NSA or some other country's spy agency/military is reasonably high, no matter what you do.

    Okay, so you make cheeseburger boxes for several chain restaurants, who would want data from your system?

    It looks a lot like the butterfly effect http://en.wikipedia.org/wiki/Butterfly_effect in the fact that one small chance encounter or small piece of information can greatly affect the outcome of a particular chain of events. Your company makes cheeseburger boxes for a company whose CEO, in turn, is a friend of or associate of some political figure. This information is gleened from your system via email, and phishing email is used to get that political figure to open an email which is a dupe of a previous email sent, but contains an active-x payload... this in turn leads to more serious and useful information down the road... and viola! you have enough for a hack on the RNC mail server...

    Something like that, just work out your own end goal and play 6 steps to Kevin Bacon to find out how to get there. Much is public information and can be used to nail the last link you need for planting the right spyware in the right place, unnoticed, undetected, unfettered. No need for millions of bots, just one well placed piece of code.

    Best part is that it is enabled/started by the high-ranking user, one that is never spied on, so the malware is safely sitting there doing it's thing without interruption.

    That is how spying works, a little bit at a time, patiently looking for a chink in the armor.

    --
    Support NYCountryLawyer RIAA vs People
    1. Re:I have been saying this... by Digi-John · · Score: 4, Informative

      The real danger lies elsewhere. Stories like this and the cyber-war story about the US and China are the ones that you need to follow and think about.

      It looks a lot like the butterfly effect http://en.wikipedia.org/wiki/Butterfly_effect in the fact that one small chance encounter or small piece of information can greatly affect the outcome of a particular chain of events. Your company makes cheeseburger boxes for a company whose CEO, in turn, is a friend of or associate of some political figure. This information is gleened from your system via email, and phishing email is used to get that political figure to open an email which is a dupe of a previous email sent, but contains an active-x payload... this in turn leads to more serious and useful information down the road... and viola! you have enough for a hack on the RNC mail server...

      That is how spying works, a little bit at a time, patiently looking for a chink in the armor.

      Reminds me of the information security training I had to take before starting my job here at a national lab. First, we watched a video in which an ex-KGB boss who now provides security consulting worldwide says, "Do not think that because you are low-ranking or do not work with classified information, that you are not a potential target for espionage" and goes on to tell us how almost certainly at least a few of the people we work with have been or will be targeted for espionage or potential defection. Then we were told how several pieces of non-classified information can be put together to create classified information, even unintentionally.

      Even if you don't work for the government, you have to be really careful if you want your data to be secure.

      --
      Klingon programs don't timeshare, they battle for supremacy.
  7. Etch a Sketch by EEPROMS · · Score: 5, Funny

    We just gave our CEO a new laptop, that reminds me I better tell him he needs to shake it to reset.

  8. How will he click it? by prockcore · · Score: 2, Funny

    How will the CEO click the link on the printout his secretary made for him?

  9. I was hit by it... by npal · · Score: 5, Informative

    I saw it on my Treo and it looked very real - at first. There were four issues: It was a Federal subpoena but it mentioned a "city prosecutor" down towards the end. This started some suspicion.
    Then I noticed that it was a grand jury for a civil trial. So I'm wondering, do they use grand jury's for civil trials? It was in California, so I thought maybe they somehow did. Then, I could see that they wanted a credit card to get the information. Big red flag, but it used pricing by the page - so I thought only the government could dream up something like this and maybe it was legit. Finally, the domain name for the link to the credit card page looked okay, but it was phony.

    All and all, I'll bet a number of people fell for it because the targeting was so good.

  10. easily done by locokamil · · Score: 2, Insightful

    I don't know about other industries, but in the financial industry (as far as I know) employees are required to have an address of format [name1.name2]@[company domain].

    Makes for easy spamming...

  11. That's nothing by PCM2 · · Score: 4, Funny

    You think that's targeted? The other day I received an e-mail from a pharmaceutical company offering to discuss options for enlarging my very small penis. They asked me if I was tired of being unable to satisfy women, and whether I had tried the other pills without results. I mean, seriously ... how can spammers find out stuff like this?? I'm switching to Firefox.

    --
    Breakfast served all day!