The web is crawling with phishers, and sometimes one of them will aim a scam right at the top of the company. The latest phishing attempt is aimed directly at companies' CEOs.
Such scams are often referred to as spear-phishing attacks.
One of the people to receive such a targeted scam was Panos Anastassiadis, President and CEO of Cyveillance. His email featured what looked like a genuine federal subpoena instructing the recipient to appear in the US Courthouse on May 7, 2008.
A link was also included in the email, allegedly to the entire document that Anastassiadis was supposed to download and read.
Needless to say, this scam suffered from one fatal flaw: federal subpoenas aren't delivered via email. Given the conditions, it is rather clear that the link in the email actually led to a Trojan downloader, ready to fill the victim's machine with malware.
While the scheme itself has almost nothing new about it, it's worth noting the approach:
“the phisher performed research before launching his or her attack. Specifically, the individual was able to locate and use our CEO’s email address and the Cyveillance phone number in the email. This information was used to enable and build additional credibility for the attack.”