Careers & Certifications

07:00 PM
Connect Directly
RSS
E-Mail
50%
50%

Spear-Phishing Attack Uses Fake Subpoenas To Steal From CEOs

iDefense estimates that the attack went out to about 15,000 to 20,000 executives, resulting in about 1,800 confirmed malware victims.

The SANS Internet Storm Center on Monday warned that CEOs of some companies are being targeted with a phishing attack involving fake federal subpoenas sent via e-mail.

"We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "It then asks them to click a link and download the case history and associated information. One problem: It's totally bogus."

Clicking on the link in the fake subpoena leads to malware, Bambenek explains. "So, first and foremost, don't click on such links," he said. "An interesting component of this scam was that it did properly identify the CEO and send it to his e-mail directly. It's very highly targeted that way."

Targeted phishing attacks of this sort are often referred to as spear-phishing attacks.

Panos Anastassiadis, president and CEO of Cyveillance, a computer security company, was among those who received the fake subpoena. Having some familiarity with such ruses, not to mention the fact that subpoenas aren't sent via e-mail, he wasn't fooled. A copy of the bogus e-mail has been posted on the company's Web site.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Cartoon
Hot Topics
18
IT Hiring: Social Media Matters
Marcia Savage, Managing Editor, Network Computing,  8/27/2014
5
How To Survive In Networking
Susan Fogarty, Editor in Chief,  8/28/2014
White Papers
Register for Network Computing Newsletters
Current Issue
Video
Slideshows
Twitter Feed