DETROIT – By now, most e-mail users are wise to the scam of phishing – sending a spoofed e-mail message that appears to be from a legitimate business, such as a bank, which directs the recipient to a fake web site seeking verification of personal information such as passwords or credit card numbers. A new twist on phishing known as spear-phishing has been directed at Chief Executive Officers in order to gain access to the victims’ computers.
Spear-phishing messages are more targeted to the victim and may contain specific, accurate information, including the CEO’s name and the company’s name. In a recent example of spear-phishing launched from a web server in China, CEOs received an email message purporting to be from a federal court stating that a subpoena was being directed to the CEO with a link to a web address ending in “uscourts.com.”
More than 1,800 CEOs clicked on the link. Once the victims arrive at the bogus site, they are asked to view court documents by downloading a browser plug-in, which is actually malware used to gain access to the victim’s computer.
A word to the wise CEO – proceed with caution before clicking on a link, even if the message appears to be from a reliable source. Better to seek confirmation from your information systems resources than fall victim to a spear-phishing scam.
This column was written by Kathryn Ossian,
Miller, Canfield Information Technology/Intellectual Property Practice Lead
a>>
