Fake Subpoenas Sent To CEOs For Social Engineering

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"

Subpoena by *email* ??

[nurb432]

If you fall for that you deserve to get taken.

You already have real problems.

[Cajun Hell]

So, first and foremost, don't click on such links.

If clicking a link poses even the slightest risk, you need to replace your software ASAP.

Websites don't "run" malware; users download and install malware with execution privileges. Or their defective user agents do it for them. CEOs don't need defective user agents. I'm not sure who does.

Hmmm....

[Otter]

If you're the CEO of a major corporation (or the admin who reads and prioritizes his email for him), you're crazy to be clicking on something like that even if it were guaranteed to be real. That's what you have a legion of lawyers for.

Clever scheme, though.

Re:Subpoena by *email* ??

[Anonymous Coward]

Actually my experience in Corperate IT, most C*O executives are dumb enough to open such items.

Cripes most virus infections at corperations come from these dimrods.

Re:Subpoena by *email* ??

[nomadic]

One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.

If you're an experienced executive you should at least realize that you need to be served with a subpoena, and e-mail isn't a valid method of service (yet). Oh well, business majors aren't known for their intellectual sharpness...

easily done

[locokamil]

I don't know about other industries, but in the financial industry (as far as I know) employees are required to have an address of format [name1.name2]@[company domain].

Makes for easy spamming...