Subpoena Email sets up identity theft on tech-savvy professionals
Yesterday, Washington Post reported almost 2000 executives falling for a phishing fraud that was perpetrated on them by serving a subpoena via email. The subpoena e mail summoned them to court supposedly for a hearing on a case related to the company they were working for.
The 20,000 original recipients of the email were directed to a website to access the actual subpoena. Once they reached the site, the unlucky few who did were asked to download a browser add-on to be able to read the subpoena. Unsuspecting users while downloading the add-on also downloaded a phishing malware along with it. This phishing virus stole and relayed account login details of the mail recipients when they next accessed their banks online.
Experts troubled with success of the phishing fraud
Experts overlooking the case were worried over certain issues that the scam had thrown up:
- The Romania-based scam showed them even people who are expected to be technologically savvy can fall prey to such scams. The poor executives, including CEO’s, may have been taken in because the scam came in a way they least expected.
- Another cause of worry was the fact that victims were not warned by the poor English used in the mail nor by the lack of knowledge it displayed about legal procedure in the country.
- Then the experts were surprised fraudsters got success by using an old technique when they could have used more sophisticated routines. As mentioned earlier, probably it was the freshness of the cover of the scam that got them the results.
- Most anti-virus software, including McAfee and Symantec’s, were not able to detect the malicious software when it was being downloaded into user systems.
There are added risks to identities when they are stolen through phishing fraud by such organized gangs, the experts warned. They can be sold to other fraudsters who can take fresh credits using the stolen identities. The fraudsters take off with the loan amounts leaving their victims to deal with fresh debts and new debtors.
Related posts:
- Pharming: The Internet Scam that can wipe out Online Banking!
- Innocuous Facebook email invite could be your door to a phishing scam
- Identity Theft-Simple protection tips
- Georgians warned against Email informing of Capital One Account hack
- CRCable Internet users baited by a phishing email scam
April 17th, 2008 at 1:10 am
It is kind of a whaling attack targeting big fishes in corporate offices like CEO’s, top executives and managers.
“This is one of the best phish e-mails I’ve seen in the past 6 years” quoted by Mr. Steve Kirsch, a well known Silicon Valley entrepreneur.
Remember, that it is not legal to send subpoena via emails unless it is agreed by the people. Also All US Federal courts have URLs of the form “courtname.uscourts.gov” and not in the form “uscourts.com” mentioned in email. So Beware of these kinds of mails. The Abaca Email Protection Gateway (http://abaca.com/) service was the only service I know that quarantined these emails.