Beware the 'whaling' e-mail that includes your company info

Security firm warns of phishing e-mail that looks like it's from the U.S. District Court, includes your company information, but is designed to lure you to click on a link that will download malicious software.

You get an e-mail that is not only addressed to you but also includes your company name and phone number, and it appears to come from the U.S. District Court.

It looks like a subpoena to appear in court on a civil case and it instructs you to download the document from a Web site.

What should you do?

Whatever you do, don't click on the hyperlink to the Web site, warns Web security services firm MX Logic. It's probably a malicious Web site that will download malicious software, such as a keystroke logger, to your machine.

The social engineering attack is similar to others, including phishing e-mails that purport to come from the Internal Revenue Service. But this attack goes a step further by including your company phone number, which makes it seem even more legitimate.

If you're an executive, chances are you're the intended victim of a so-called whaling attack. While phishing attacks are aimed at anyone with an e-mail address, whaling attacks target big fish at companies where knowing a top executive's password opens a back door to sensitive insider information.

Remember, courts communicate via regular mail, not e-mail. In addition to some spelling errors in a sample whaling e-mail making the rounds this week, MX Logic found that the link went to a domain under a top-level domain other than ".gov," and that the domain had been registered a few days earlier to someone in the U.K.
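For mail administrators, the two link indicators above (a court-themed message whose link is outside ".gov" and points to a very recently registered domain) can be checked automatically. The following Python sketch is an added example, not code from MX Logic or the original article; the sample message, the `registered` lookup table and the 30-day threshold are constructed assumptions.

```python
import re
from datetime import date
from email import message_from_string
from urllib.parse import urlparse

# Constructed sample message; sender, recipient and link are placeholders.
SAMPLE = """\
From: U.S. District Court <subpoena@uscourts.example>
To: ceo@company.example
Subject: Subpoena in a civil case
Content-Type: text/plain

You are commanded to appear. Download the document:
http://court-documents.example/subpoena.php?id=1234
"""

COURT_CLAIM = re.compile(r"district court|subpoena", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def check_message(raw, registered, today, min_age_days=30):
    """Return findings for a message that presents itself as court mail.

    registered: hypothetical mapping of host -> registration date, filled
    from whatever WHOIS/RDAP data the mail gateway already collects.
    """
    msg = message_from_string(raw)
    # Collect every non-container part so multipart mail is covered too.
    body = "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in msg.walk() if not p.is_multipart()
    )
    claims = " ".join([msg.get("From", ""), msg.get("Subject", ""), body])
    if not COURT_CLAIM.search(claims):
        return []  # not court-themed, nothing to compare against
    findings = []
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        if not host.endswith(".gov"):
            findings.append(f"{host}: court-themed link outside .gov")
        created = registered.get(host)
        if created and (today - created).days < min_age_days:
            age = (today - created).days
            findings.append(f"{host}: registered {age} days ago")
    return findings

if __name__ == "__main__":
    # Constructed dates: domain registered four days before delivery.
    ages = {"court-documents.example": date(2024, 1, 10)}
    print(check_message(SAMPLE, ages, date(2024, 1, 14)))
```

A non-empty result is a reason to quarantine the message for review, not proof of an attack on its own.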

Image caption: A new phishing e-mail targeting CEOs looks like a subpoena and includes a company name and number. This shows the top part of the e-mail. (Credit: MX Logic)
 
