Beware the 'whaling' e-mail that includes your company info

Security firm warns of phishing e-mail that looks like it's from the U.S. District Court, includes your company information, but is designed to lure you to click on a link that will download malicious software.

You get an e-mail that is not only addressed to you but also includes your company name and phone number and appears to come from the U.S. District Court.

It looks like a subpoena to appear in court on a civil case and it instructs you to download the document from a Web site.

What should you do?

Whatever you do, don't click on the hyperlink to the Web site, warns Web security services firm MX Logic. It's probably a malicious Web site that will download malicious software, such as a keystroke logger, to your machine.

The social engineering attack is similar to others, including phishing e-mails that purport to come from the Internal Revenue Service. But this attack goes a step further by including your company phone number, which makes it seem even more legitimate.

If you're an executive, chances are you're the intended victim of a so-called whaling attack. While phishing attacks are aimed at anyone with an e-mail address, whaling attacks target big fish at companies where knowing a top executive's password opens a back door to sensitive insider information.

Remember, courts communicate via regular mail, not e-mail. In addition to some spelling errors in a sample whaling e-mail making the rounds this week, MX Logic found that the link went to a top-level domain other than ".gov," one that had been registered a few days earlier to someone in the U.K.
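The two indicators described above (a court-themed message whose link leaves ".gov", and a link domain registered only days earlier) can be checked mechanically. This is an added example, not code from MX Logic or the original article; the sample message, the `.example` domain, the registration-date table and the 30-day threshold are constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message, not the real e-mail described in the article.
SAMPLE = """\
From: "United States District Court" <subpoena@court-notice.example>
To: ceo@corp.example
Subject: Subpoena in a civil case
Content-Type: text/plain

You are commanded to appear. Download the full document:
http://docs.court-notice.example/subpoena.html
Court site: https://www.uscourts.gov/
"""

# Constructed registration dates; in practice these come from WHOIS/RDAP.
REGISTERED = {"court-notice.example": date(2024, 1, 10)}

def link_hosts(msg):
    """Return the lower-cased host of every http(s) URL in a plain-text body."""
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    return [h for h in (urlparse(u).hostname for u in urls) if h]

def is_gov(host):
    """True only when the host sits under the .gov top-level domain."""
    return host.endswith(".gov")

def whaling_indicators(raw, today, max_age_days=30):
    """List (host, reason) pairs for court-themed mail with suspicious links."""
    msg = message_from_string(raw)
    headers = f"{msg['From']} {msg['Subject']}"
    if not re.search(r"district court|subpoena", headers, re.I):
        return []                      # message does not claim to be from a court
    findings = []
    for host in link_hosts(msg):
        if is_gov(host):
            continue
        findings.append((host, "court-themed mail links outside .gov"))
        # Assumption: registrable domain = last two labels (no public-suffix list).
        reg = REGISTERED.get(".".join(host.split(".")[-2:]))
        if reg and (today - reg).days <= max_age_days:
            findings.append((host, f"domain registered {(today - reg).days} days ago"))
    return findings

if __name__ == "__main__":
    for host, reason in whaling_indicators(SAMPLE, date(2024, 1, 13)):
        print(host, "-", reason)
```

A mail gateway would take the registration date from a WHOIS or RDAP lookup and use a public-suffix list instead of the two-label shortcut.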

[Image: A new phishing e-mail targeting CEOs looks like a subpoena and includes a company name and number. This shows the top part of the e-mail. Credit: MX Logic]
 
