Wednesday, June 20, 2007

FTC name impersonated to phish (steal information) from corporate executives

Spammers love to impersonate official agencies to hook their victims (phish). Recently, the attacks have become more specific targeting people by name, and or title. Here is a warning from the Federal Trade Commission (FTC):

Consumers, including corporate and banking executives, appear to be targets of a bogus e-mail supposedly sent by the Federal Trade Commission but actually sent by third parties hoping to install spyware on computers. The bogus e-mail poses as an acknowledgment of a complaint filed by the recipient, and includes an attachment. Consumers who open the attachment to this e-mail unleash malicious spyware onto their computer. The agency warns consumers who get this e-mail that purports to be from the FTC:

Don’t open the attachment.
Delete the e-mail.
Empty the deleted items folder.

The hoax e-mail is personalized, and contains the name of the recipient and their business. The bogus message explains how the complaint will be used, who will have access to it and states, “Attached you will find a copy of your complaint. Please print a hard copy of the complaint for your records in the upcoming investigation.” Opening the attachment downloads the malicious spyware.


The press release doesn’t specify exactly what the malicious spyware is.

Recently, the IRS and Better Business Bureau names were being used in a similar manner. In this attack, corporate executives were being specifically targeted, also. This type of attack is known as spear phishing.

Here is a post on the attack spoofing (impersonating) the IRS and BBB:

Spear phishermen target executives to steal company information

FTC release on this attack, here.

No comments: