Beware of "Spear-Phishing" E-mail Purporting to Serve a Grand Jury Subpoena
4/17/2008
1:29 pm
In the past few days, general counsel and other corporate officials across the country have been receiving an email that appears to be generated by the United States District Court in San Diego (with a "uscourts.com" suffix) requesting testimony in connection with a grand jury proceeding.
These emails are not legitimate. Criminal investigators call such emails "spear-phishing" -- tricking, luring or enticing recipients to respond in order to acquire sensitive information or otherwise compromise the recipient's computer system. Phishing emails commonly involve purported giveaways, ask for personal information or ask the recipient to download an attached file. One of the most recent email scams purports to "serve" a federal grand jury subpoena by email. Others purport to inform contain information of pending employment complaints or tax matters. They instruct the recipient to follow a link, which then infects the receiving computer with "malware," such as a virus or worse.
These emails might initially appear legitimate because often they bear a government agency's logo, or appear to link to or originate from a legitimate government agency web site. The most recent variation targets C-level executives and tries to lead the recipient to believe that his or her company is being served with a grand jury subpoena, which is supposedly accessible via an embedded link. Opening the link, however, installs "spyware," including a "keylogger," which records and reports the user's keystrokes--including passwords and other confidential information.
The Federal Bureau of Investigation has been advised of this scam, and the federal Internet Crime Complaint Center is investigating. Nevertheless, it is still important to be proactive. Inform your legal department and management of this hoax so that they will recognize it for what it is. Additionally, if you or another member of your organization has clicked on the link, you should avoid using the computer until your company's IT staff has carefully checked the computer for spyware. Your company's existing filters may not screen out the malware.
How To Avoid Phishing Email Scams
The federal government provides excellent tips about avoiding phishing schemes. Some of the best sources are the web sites of the Federal Bureau of Investigation and the Federal Trade Commission. The following tips might appear self-evident, but otherwise computer-savvy individuals have been fooled. Thousands of companies have been targeted by the uscourts.com email in the past few days:
Closely review the email for errors in grammar, syntax and spelling. If the email is oddly worded or contains "British" spellings (i.e., "organisation"), you may be placing yourself at risk.
Consider whether the email arrives unexpectedly, from an unanticipated or unusual source. Subpoenas are not served by email. Government investigators rarely communicate by email and are unlikely to provide information about pending investigations by email. Be extra-cautious about clicking on links or opening attachments from an unanticipated sender.
If you have any suspicions about an email, do not open attachments or click on links. If you think the email may be legitimate, go to the "real" web site for the sender and make sure that you are not re-directed to a "phishing" site.
Closely examine the sender's email address. If the address is not what you would expect, then trust your instincts. Never trust an unknown source.
A "local" phone number is no guarantee against a fraud. Internet scammers can use other technology such as VOIP (Voice Over Internet Protocol) to trick you into believing that they are "local," when they are located in eastern Europe, China, India or anywhere else. Call the number you know, not the number in the email.
Never open emails asking for personal information, donations or investments, particularly from unknown senders.
Anti-spyware and firewall software should be used and updated rigorously.
If you or someone in your company clicked on a link in a "phishing" email, have your computer inspected carefully and immediately. Your computer may need to be "scrubbed." It could be used to send out additional "phishing" emails throughout your company or to all of your contacts.
In the event that you receive a phishing email, you may forward it to the company or agency which purportedly generated the email - with an appropriate warning attached! You may also file complaints with the federal Internet Crime Complaint Center, the Federal Trade Commission or an appropriate state or local agency.
The opinions expressed in this bulletin are intended for general guidance only. They are not intended as recommendations for specific situations. As always, readers should consult a qualified attorney for specific legal guidance.
RSS feed: RSS is a web feed format used to publish frequently-updated content. Use this feed in an RSS reader or browser (Safari 2, Firefox 2, or Internet Explorer 7 and higher)
ICS file: Use this feature to download an ICS file to use to import the calendar's event(s) into another program, such as Outlook, iCal, or Google Calendar.
ICS Feed: This is a live feed in the iCalendar format. To use this feed, you will need a program capable of subscrbing to a life iCalendar feed. Some examples include Apple iCal, Microsoft Outlook 2007 or higher, or Windows Calendar in Vista.
