
Fake Subpoenas Sent To CEOs For Social Engineering

An anonymous reader writes "The Internet Storm Center notes that emails that look like subpoenas are being sent out to the CEOs of major US corporations. The email tries to entice the victim to click on a link for 'more information.' According to the ISC's John Bambenek: 'We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via email ordering their testimony in a case. It then asks them to click a link and download the case history and associated information. One problem, it's [totally] bogus. It's a "click-the-link-for-malware" typical spammer stunt. So, first and foremost, don't click on such links. An interesting component of this scam was that it did properly identify the CEO and send it to his email directly. It's very highly targeted that way.'"
  • by ResQuad ( 243184 ) * <{slashdot} {at} {konsoletek.com}> on Tuesday April 15, 2008 @06:49PM (#23083464) Homepage
    My boss received one of these yesterday. Luckily he is one of the smarter people in this world and FW'd me the email (being the suspicious person he is). Personally I thought it was rather clever.

    Also - I wonder... Is there some "hacker code" out there that says if you are sending out a phishing email - you must misspell at least a few words? Cause these subpoenas looked fairly good - but there were misspellings. Can't they just run the emails through Word or Open Office before they send them out?
  • by gnick ( 1211984 ) on Tuesday April 15, 2008 @06:52PM (#23083502) Homepage
    One problem that I've noticed is that muckity-mucks often feel that they're "above" being targeted by such menial things as malware.
  • by zappepcs ( 820751 ) on Tuesday April 15, 2008 @06:59PM (#23083558) Journal
    Every time that I comment on a story about viruses and malware and security, I mention the fact that what is normally mentioned by antivirus vendors is junk used to scare up business.

    The real danger lies elsewhere. Stories like this and the cyber-war story about the US and China are the ones that you need to follow and think about.

    The chances that your company is already compromised by the NSA or some other country's spy agency/military is reasonably high, no matter what you do.

    Okay, so you make cheeseburger boxes for several chain restaurants, who would want data from your system?

    It looks a lot like the butterfly effect http://en.wikipedia.org/wiki/Butterfly_effect in the fact that one small chance encounter or small piece of information can greatly affect the outcome of a particular chain of events. Your company makes cheeseburger boxes for a company whose CEO, in turn, is a friend of or associate of some political figure. This information is gleaned from your system via email, and phishing email is used to get that political figure to open an email which is a dupe of a previous email sent, but contains an active-x payload... this in turn leads to more serious and useful information down the road... and voilà! you have enough for a hack on the RNC mail server...

    Something like that, just work out your own end goal and play 6 steps to Kevin Bacon to find out how to get there. Much is public information and can be used to nail the last link you need for planting the right spyware in the right place, unnoticed, undetected, unfettered. No need for millions of bots, just one well placed piece of code.

    Best part is that it is enabled/started by the high-ranking user, one that is never spied on, so the malware is safely sitting there doing its thing without interruption.

    That is how spying works, a little bit at a time, patiently looking for a chink in the armor.
  • Agreed (Score:1, Interesting)

    by Anonymous Coward on Tuesday April 15, 2008 @08:13PM (#23084252)
    Our CEO got one of these yesterday too. Luckily, his executive administrator has more brains than he, and forwarded it to our legal dept., questioning it. Our legal dept contacted the IT dept, and I told them that it was totally bogus.
     
    The admin actually was quoted as saying "Since when are they sending subpoenas by email?".
  • by pclminion ( 145572 ) on Tuesday April 15, 2008 @08:27PM (#23084376)

    Yes there is. By mispelling [sic pun] a few words, you can confuse anti-spam filters that are looking for duplicate mass mailed documents or for specific words. Typical spamming programs will allow you to insert random chars (replace 1, l or ! for I) or will substitute some automatically.

    That might help it get past the spam filter, but it certainly doesn't help it get past the "Me" filter. *I* will recognize the email as a phish based on a SINGLE misspelling. The problem isn't getting past the filters, the problem is convincing the user that the email is legitimate, and misspellings only hurt that cause.
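
Added example, not part of the original thread: a filter-side counter to the character swaps described in the comment above. It folds look-alike characters to one letter and then compares character shingles, so mutated copies of one mailing still match each other. The fold table beyond 1, l and ! for I, the 0.6 threshold and the sample message bodies are assumptions constructed for illustration.

```python
import re
from itertools import combinations

# 1, l and ! standing in for I are the substitutions named in the comment; the
# remaining entries are assumptions added for illustration.
FOLD = str.maketrans({"1": "i", "l": "i", "!": "i", "|": "i",
                      "0": "o", "3": "e", "@": "a", "$": "s"})

def normalize(text):
    """Lower-case, fold look-alike characters, collapse everything else to spaces."""
    folded = text.lower().translate(FOLD)
    return " ".join(re.sub(r"[^a-z]+", " ", folded).split())

def shingles(text, n=4):
    """Set of character n-grams of the folded text."""
    s = normalize(text)
    return {s[i:i + n] for i in range(len(s) - n + 1)}

def similarity(a, b):
    """Jaccard overlap of the two shingle sets, 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    return len(sa & sb) / len(sa | sb) if sa and sb else 0.0

def near_duplicates(messages, threshold=0.6):
    """Index pairs of messages that are the same text under light mutation."""
    return [(i, j) for (i, a), (j, b) in combinations(enumerate(messages), 2)
            if similarity(a, b) >= threshold]

# Constructed sample bodies, not taken from the real campaign.
ORIGINAL = ("You are hereby commanded to appear and testify before the Grand Jury. "
            "Click the link to download the case history.")
SWAPPED = ("You are hereby c0mmanded to appear and test!fy before the Grand Jury. "
           "C1ick the link to down1oad the case h!story.")
MISSPELLED = ("You are hereby comanded to appear and testfy before the Grand Jury. "
              "Click the link to downlod the case history.")
UNRELATED = ("Quarterly cheeseburger box shipment numbers are attached for your "
             "review before Friday.")

if __name__ == "__main__":
    batch = [ORIGINAL, SWAPPED, MISSPELLED, UNRELATED]
    print(near_duplicates(batch))
```

Pure character swaps fold back to the identical string, while dropped letters only lower the shingle overlap slightly, so both variants still pair with the original and the unrelated message does not.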
