Whalers target CEOs with bogus subpoenas
Websense Security Labs have reported a sophisticated targeted phishing attack, known as whaling, on named CEOs of large corporations. The email is a quite convincing "subpoena", supposedly from a district court in San Diego, California. Numerous recipients have been fooled into downloading a Trojan.
A sample of the email supplied to heise Online by Dan Hubbard of Websense included the text:
Issued to: (name purged)
SUBPOENA IN A CIVIL CASE
Case number: 94-621-PGM
United States District Court
YOU ARE HEREBY COMMANDED to appear and testify before the Grand Jury of
the United States District Court at the place, date, and time specified
Please download the entire document on this matter(follow this link) and
print it for your record.
This subpoena shall remain in effect until you are granted leave to
depart by the court or by an officer on behalf of the court ...
Failure to appear at the time and place indicated may result in a
contempt of court citation ...
Hubbard told heise Online that the emails are addressed to CEOs by name, and their corporate positions and telephone numbers are included. The "entire document" link downloads a keylogger Trojan. Over 100 corporations have been targeted so far. Although US courts never deliver subpoenas by email and the email itself contains numerous misspellings, many recipients have succumbed, some reporting back that the email was passed to the legal department for scrutiny – after the link was followed. Apparently not even a dummy document is delivered, which alerted some of the victims, but only after it was too late.