Slashdot Mirror

← Back to Stories (view on slashdot.org)

Fake Subpoenas Sent To CEOs For Social Engineering

Posted by kdawson on from the whale-fishing dept.

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"

8 of 112 comments (clear)

  1. Subpoena by *email* ?? by nurb432 · · Score: 5, Insightful

    If you fall for that you deserve to get taken.

    --
    ---- Booth was a patriot ----
    1. Re:Subpoena by *email* ?? by WaltBusterkeys · · Score: 5, Informative
      Sure, here's an example of service by email:

      Plaintiffs Tishman and Wilkinson filed a lawsuit against defendant Pine, but had difficulty serving Pine with the summons. The plaintiffs tried the conventional methods of service under New York law, such as personal delivery. They even tried the "nailing and mailing" method by affixing a copy of the summons to the door of Pine's residence, then sending a copy in the mail.

      Tishman and Wilkinson had information, however, that led them to believe Pine was out of the country. . . They petitioned the court for permission to serve Pine by e-mail, pursuant to N.Y. C.P.L.R. Â308(5), which allows service by such manner as the court directs, when the more conventional methods are "impracticable."

      The court allowed service of the summons to an e-mail address Pine had used in a classified ad listing his house for sale. The court held that given the uncertainty about the success of the attempted "nailing and mailing" effort, and the fact that the Pine's attorneys wouldn't give a clear answer as to where Pine was living, alternative service by e-mail was appropriate.


      Most states have similar laws that allow service by any practical means if conventional methods fail.
  2. You already have real problems. by Cajun+Hell · · Score: 5, Insightful

    So, first and foremost, don't click on such links.

    If clicking a link poses even the slightest risk, you need to replace your software ASAP.

    Websites don't "run" malware; users download and install malware with execution privileges. Or their defective user agents do it for them. CEOs don't need defective user agents. I'm not sure who does.

    --
    "Believe me!" -- Donald Trump
    1. Re:You already have real problems. by cynicsreport · · Score: 5, Funny

      So, first and foremost, don't click on such links.
      This is always good advice. For more information on how to avoid anonymous links, check out this website.
      --
      - Demosthenes
      cynicsreport.com
    2. Re:You already have real problems. by Lobster+Quadrille · · Score: 5, Funny

      I clicked it. It just says 'server not found'.

      If you're going to make a joke on slashdot, you gotta at least register the domain and build a website, or nobody will take you seriously.

      --
      "The cup is in turn designed for holding hot or cold liquids, and has an open rim and closed base." --US Patent #5425497
  3. Boss got this yesterday by ResQuad · · Score: 5, Interesting

    My boss received one of these yesterday. Luckily he is one of the smarter people in this world and FW'd me the email (being the suspicious person he is). Personally I thought it was rather clever.

    Also - I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words? Cause these subpoenas looked fairly good - but there were misspellings. Can't they just run the emails through Word or Open Office before they send them out?

    --
    snowulf.com
  4. Etch a Sketch by EEPROMS · · Score: 5, Funny

    We just gave our CEO a new laptop, that reminds me I better tell him he needs to shake it to reset.

  5. I was hit by it... by npal · · Score: 5, Informative

    I saw it on my Treo and it looked very real - at first. There were four issues: It was a Federal subpoena but it mentioned a "city prosecutor" down towards the end. This started some suspicion.
    Then I noticed that it was a grand jury for a civil trial. So I'm wondering, do they use grand jury's for civil trials? It was in California, so I thought maybe they somehow did. Then, I could see that they wanted a credit card to get the information. Big red flag, but it used pricing by the page - so I thought only the government could dream up something like this and maybe it was legit. Finally, the domain name for the link to the credit card page looked okay, but it was phony.

    All and all, I'll bet a number of people fell for it because the targeting was so good.