Fake Subpoenas Drive the Latest Phishing Attack

The SANS Internet Storm Center on Monday issued a warning to CEOs: don't be fooled by fake federal subpoenas sent by e-mail. The fake e-mails are part of a phishing attack targeting CEOs of some companies. Such targeted attacks are widely known as spear-phishing attacks.

"We've gotten a few reports that some CEOs have received what purports to be a federal subpoena via e-mail ordering their testimony in a case. It then asks them to click a link and download the case history and associated information," said John Bambenek, a security researcher at the University of Illinois at Urbana-Champaign and Internet Storm Center handler, in an online post. "One problem," he continued, "it's total bogus."

Click Here for Malware

Bambenek described the attack as a "click-the-link-for-malware" typical spammer stunt. His immediate advice: First and foremost, don't click on such links. An interesting component of this scam, he said, is that it properly identifies CEOs and sends e-mail directly.

Federal courts do not "serve" formal processes by e-mail. While there is an Electronic Case Management System, the initial contact for a subpoena, lawsuit or other process is done the old fashioned way -- hand delivery.

"Presumably, if you did already get served, you would have a lawyer handling the case for you. In that instance, the lawyer, not you, would be getting electronic notices from the court after service has been handled," Bambenek said.

Targeting a Security CEO

Cyveillance President and CEO Panos Anastassiadis was one of the corporate chiefs targeted. The e-mail instructed Anastassiadis to appear in a U.S. courthouse on May 7, and provided a link to download the subpoena.

The Web page says the case has been closed and no further action is required from the visitor. However, clicking on the link will not only load the page, but also download a Trojan that would...