Beware the 'whaling' e-mail that includes your company info
Security firm warns of phishing e-mail that looks like it's from the U.S. District Court, includes your company information, but is designed to lure you to click on a link that will download malicious software.
You get an e-mail that is not only addressed to you but also includes your company name and phone number, and it appears to come from the U.S. District Court.
It looks like a subpoena to appear in court on a civil case and it instructs you to download the document from a Web site.
What should you do?
Whatever you do, don't click on the hyperlink to the Web site, warns Web security services firm MX Logic. It's probably a malicious Web site that will download malicious software, such as a keystroke logger, to your machine.
The social engineering attack is similar to others, including phishing e-mails that. But this attack goes a step further by including your company phone number, which makes it seem even more legitimate.
If you're an executive, chances are you're the intended victim of a so-called whaling attack. While phishing attacks are aimed at anyone with an e-mail address, whaling attacks target big fish at companies where knowing a top executive's password opens a back door to sensitive insider information.
Remember, courts communicate via regular mail, not e-mail. In addition to some spelling errors in a sample whaling e-mail making the rounds this week, MX Logic found that the link went to a domain under a top-level domain other than ".gov", and that the domain had been registered a few days earlier to someone in the U.K.
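The two link indicators described above can be checked mechanically at a mail gateway. The following is an added example, not code from MX Logic or the original article; the sample message, the `example` domain names, the registration date and the 30-day threshold are all constructed assumptions.

```python
from datetime import date
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message; all names are placeholders, not from the article.
SAMPLE = """\
From: "U.S. District Court" <clerk@uscourts-docs.example>
To: ceo@corp.example
Subject: Subpoena in a civil case
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<p>You are commanded to appear. Download the
<a href="http://uscourts-docs.example/subpoena.doc">entire document</a>.</p>
"""

# Constructed registration date; in practice this comes from a WHOIS/RDAP lookup.
REGISTERED = {"uscourts-docs.example": date(2008, 4, 10)}

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") or ""
        host = urlsplit(href).hostname  # None for relative or empty links
        if tag == "a" and host:
            self.hosts.append(host.lower().rstrip("."))

def whaling_flags(raw, today, registered, max_age_days=30):
    """Return sorted indicator strings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg["From"])
    claims_court = "court" in display.lower()  # sender presents itself as a court
    parser = _Links()
    parser.feed(msg.get_payload(decode=True).decode("utf-8", "replace"))
    hosts = [addr.rpartition("@")[2].lower()] + parser.hosts
    flags = set()
    for h in hosts:
        if claims_court and not h.endswith(".gov"):
            flags.add(f"non-gov:{h}")        # court claim, but host is not under .gov
        reg = registered.get(h)
        if reg and (today - reg).days <= max_age_days:
            flags.add(f"new-domain:{h}")     # domain registered only days ago
    return sorted(flags)
```

A hit on either flag is a reason to quarantine the message for review rather than proof of malice, since the display-name match is a simple substring test.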