You receive an email message appearing to be an official subpoena from the United States District Court in San Diego.
The message looks official, includes your name, company name and phone number, and commands you to appear before a grand jury in a civil case.
What do you do?
Unlike most e-mail phishing scams, this one passes the sniff test. “I think that it was well done in terms of something people would feel compelled to respond to,” said Steve Kirsch, the chief executive of Abaca, an antispam company based in San Jose, Calif., and a recipient of one of the 'subpoenas'. “Even the U.R.L. to find out more looked legitimate at first glance.”
Clicking the link embedded in the message, which purports to offer a copy of the entire subpoena, causes the recipient to unwittingly download and install software that secretly records keystrokes and sends the data to a remote computer over the Internet. This lets the criminals capture passwords and other personal or corporate information.
Scary stuff, specifically because it does pass the sniff test and, according to the New York Times article spotlighting this, is well targeted too ("whaling" is a play on the term "phishing"):
Thousands of high-ranking executives across the country have been receiving e-mail messages this week that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive’s name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.
Several security researchers said that the real danger of the attack lay in a second level of deception, after the hidden software provided the attackers with digital credentials like passwords and electronic certificates.
Despite the seemingly easy-to-trace domain name, the feds guess this originates from China and, as such, will be hard to stop.
Membership has its privileges, I guess. Welcome to the underbelly of the global economy.