CEO Spam Scam: Phishing For Big Fish
A new targeted spam campaign uses fake federal subpoenas to trick CEOs into clicking on a malware link. One source indicates that 15-20,000 spams went out. And amazingly, about 10 percent of the recipients responded!
![](https://eu-images.contentstack.com/v3/assets/blt6d90778a997de1cd/bltc94608acf452fd67/655cf371ab171e040a838b2a/329050_DR23_Graphics_Website_V5_Default_Image_v1.png?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
A new targeted spam campaign uses fake federal subpoenas to trick CEOs into clicking on a malware link. One source indicates that 15-20,000 spams went out. And amazingly, about 10 percent of the recipients responded!This latest spear phishing con -- targeted mal-mails that include personalized information -- included one sent to the CEO of security company Cyveillance
Oops.
Cyveillance's CEO, Panos Anastassiadis, sprang into action, among other things posting a copy of the spear phish letter.
Unfortunately, not all of the CEOs were as sharp as Anastassiadis, nor, evidently, were their IT teams: the malware involved in the campaign exploits known vulnerabilities that could -- and, dammit, should -- have been patched.
And that's the heart of this particular lesson -- along with the "No, d'uh!" reminder that federal courts do not send subpoenas by e-mail; you'd think a CEO would know these things!
Or maybe not. (Obviously not.)
This one reminded me of a recent bMighty contribution from Cisco that points out the security flaws that management both creates and represents.
And clearly that's a flaw the spear phishers understand all too well.
About the Author(s)
You May Also Like
CISO Perspectives: How to make AI an Accelerator, Not a Blocker
August 20, 2024Securing Your Cloud Assets
August 27, 2024