Federal Subpeona Email Hoax from Subpoena@uscourts.com Snares CEOs   5/6/2008 - 336 views,

Faced with this email, would you attempt to comply with the instructions, and click the link?

If you did, you would not be alone. Almost 2000 of those who received the email are estimated to have clicked on the link, falling prey to a targeted “spear-phishing” attempt that downloads to their computer and those networked to it a virus designed to gather passwords, financial account and credit card details, and other similar private information.

A number of those targeted executives paused before clicking on the link and called the U.S. Courts Administrative Office for clarification, which responded by posting an alert on its web site, reminding readers that the Courts are a federal institution and therefore any email would come from a .gov and not a .com domain, and that in any case grand jury subpoenas delivered by email are not valid communications.

Verisign’s iDefense Labs, a cyber-security operation, has been keeping their eye on this and similar phishing attempts, appearing to come from other District Courts, from the Internal Revenue Service and from the Better Business Bureau. Working with law enforcement, network forensics investigators have followed the trail to a Singapore-based server, though no further information is available at this time.

While this particular group of criminals weren’t too literate, as their emails contained a number of waving red flags, among them gross grammatical errors and misspellings, sooner or later a well-written evil email will be sent. Let us remind our readers, regardless of position in company hierarchy, to always follow safe email practices.

• Never open, forward, or reply to suspicious-looking emails. Just delete them.
• Never open email attachments or click on a link in an email unless you’re confident you know exactly what they are; confirm with the sender if not completely sure.
• Keep your antivirus, firewall and adware-defense software updated.