EH-Net

Guys,

ISC has a story about a new 'click-the-link' email scam with a twist. It appears to be targetted at company CEOs claiming they have been issued a subpoena to give evidence in court. (Story here (http://isc.sans.org/diary.html?storyid=4289))

These sort of attacks appear to be gaining in popularity. From my experience this could be a scary trend as CEOs (and other director type roles) are often the least technically savvy in an organisation, along with often the worst security and patch level. I can't help thinking these are targets are going to be successful, and likely becoming less of a rarity.

<Update>
Forgot to mention, as is often the case AV covereage is poor 3/32 on VirusTotal (http://www.virustotal.com/)
</update>

Who fancies interrupting a round of golf to ask the top man not to click the pretty links?  (me neither...)

We added this style of attack to our risk briefings for CISOs about 6 months ago.  This is a version of the spear phishing attempts that have been gaining momentum, but the subpoena line is a new one to me.  Good post.

Thanks for the heads up.

Several years ago there was marketing research done by a direct mail company to determine which mail people were most likely to open first. The number one winner was a notice from the IRS that might look like an audit and the second place winner was mail from an attorney office that might look like a lawsuit. I can testify to the accuracy of this research when I have done social engineering. One time I actually sent an email so obviously a hoax just to prove a point from a law firm I called Dewey, Cheatum and Howe and it stilled worked, LOL! The officer of the company was rather embarrassed later on when I brought it to his attention.

Kev,

You truly are the lowest form of life on Earth. lol  I'll bet he felt like a hoarses @$$ afterwards. Great use of social engineering and it goes to prove where the weakest link in any security is, the end user.