Warning about fake federal subpoenas
Posted: Tue May 06, 2008 8:13 am
I don't ever post the warnings I get through the USG system here, but this one is sufficiently sophisticated and insidious that I thought I would alert you folks here.
To All Eastern District of California Attorneys,
In recent weeks, thousands of high-ranking executives across the country received e-mail messages that appear to be official subpoenas from the United States District Court in San Diego, CA. Each message included the executive's correct name, email address, company name, and phone number, and commands the recipient to appear before a grand jury in a civil case. The link embedded in the message purports to offer a copy of an entire subpoena, but when the recipient tries to view the document, they unwittingly download and install software that secretly records keystrokes and sends the data to a remote computer over the Internet. This enables criminals to capture passwords and other personal or financial information and starts software that allows the computer to be controlled remotely so the attackers can obtain digital credentials, passwords, and electronic certificates.
The message directed victims to a Website with a URL that ended with "uscourts.com" instead of the official site "uscourts.gov." Misspellings in the fake subpoena lead investigators to believe that the attackers were not familiar with the U.S.
court system, and might be based in a place that uses a British variant of English.
The AOUSC, FBI, Federal Trade Commission (FTC), S/CA and C/CA have all posted warnings about the fake messages on their Web-sites after hundreds of phone calls from individuals and corporations were received about these messages. Other cases have involved legitimate businesses such as America OnLine, CitiBank, e-Bay and numerous others. The e-mails often contain logos that closely resemble those of the legitimate businesses. In this case the seal of the U.S. Courts was included.
To All Eastern District of California Attorneys,
In recent weeks, thousands of high-ranking executives across the country received e-mail messages that appear to be official subpoenas from the United States District Court in San Diego, CA. Each message included the executive's correct name, email address, company name, and phone number, and commands the recipient to appear before a grand jury in a civil case. The link embedded in the message purports to offer a copy of an entire subpoena, but when the recipient tries to view the document, they unwittingly download and install software that secretly records keystrokes and sends the data to a remote computer over the Internet. This enables criminals to capture passwords and other personal or financial information and starts software that allows the computer to be controlled remotely so the attackers can obtain digital credentials, passwords, and electronic certificates.
The message directed victims to a Website with a URL that ended with "uscourts.com" instead of the official site "uscourts.gov." Misspellings in the fake subpoena lead investigators to believe that the attackers were not familiar with the U.S.
court system, and might be based in a place that uses a British variant of English.
The AOUSC, FBI, Federal Trade Commission (FTC), S/CA and C/CA have all posted warnings about the fake messages on their Web-sites after hundreds of phone calls from individuals and corporations were received about these messages. Other cases have involved legitimate businesses such as America OnLine, CitiBank, e-Bay and numerous others. The e-mails often contain logos that closely resemble those of the legitimate businesses. In this case the seal of the U.S. Courts was included.