CEO Spam Scam: Phishing For Big Fish
A new targeted spam campaign uses fake federal subpoenas to trick CEOs into clicking on a malware link. One source indicates that 15-20,000 spams went out. And amazingly, about 10 percent of the recipients responded!
This latest spear phishing con -- targeted mal-mails that include personalized information -- included one sent to the CEO of security company Cyveillance.
Oops.
Cyveillance's CEO, Panos Anastassiadis, sprang into action, among other things posting a copy of the spear phish letter.
Unfortunately, not all of the CEOs were as sharp as Anastassiadis, nor, evidently, were their IT teams: the malware involved in the campaign exploits known vulnerabilities that could -- and, dammit, should -- have been patched.
And that's the heart of this particular lesson -- along with the "No, d'uh!" reminder that federal courts do not send subpoenas by e-mail; you'd think a CEO would know these things!
Or maybe not. (Obviously not.)
This one reminded me of a recent bMighty contribution from Cisco that points out the security flaws that management both creates and represents.
And clearly that's a flaw the spear phishers understand all too well.