April 15, 2008 1:26 PM PDT

Beware the 'whaling' e-mail that includes your company info

by Elinor Mills

You get an e-mail that is not only addressed to you but also includes your company name and phone number, and it appears to come from the U.S. District Court.

It looks like a subpoena to appear in court on a civil case and it instructs you to download the document from a Web site.

What should you do?

Whatever you do, don't click on the hyperlink to the Web site, warns Web security services firm MX Logic. It's probably a malicious Web site that will download malicious software, such as a keystroke logger, to your machine.

The social engineering attack is similar to others, including phishing e-mails that purport to come from the Internal Revenue Service. But this attack goes a step further by including your company phone number, which makes it seem even more legitimate.

If you're an executive, chances are you're the intended victim of a so-called whaling attack. While phishing attacks are aimed at anyone with an e-mail address, whaling attacks target big fish at companies where knowing a top executive's password opens a back door to sensitive insider information.

Remember, courts communicate via regular mail, not e-mail. In addition to some spelling errors in a sample whaling e-mail making the rounds this week, MX Logic found that the link went to a domain under a top-level domain other than ".gov", one that had been registered a few days earlier to someone in the U.K.
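The two link checks MX Logic describes (a message claiming to be from a court whose link is not under ".gov", and a link domain registered only days before the message was sent) can be automated at a mail gateway. The sketch below is an added example, not MX Logic's code; the sample message, the `REGISTERED` table standing in for a WHOIS lookup, the keyword list, and the 30-day threshold are all assumptions.

```python
import re
from datetime import date
from email import message_from_string
from email.utils import parsedate_to_datetime
from urllib.parse import urlsplit

# Constructed sample message, not the real e-mail MX Logic analysed.
SAMPLE = """\
From: "United States District Court" <subpoena@uscourts-example.test>
To: ceo@example.com
Subject: Subpoena in a civil case
Date: Mon, 14 Apr 2008 09:12:00 -0700

Example Corp, (555) 010-0100: you are commanded to appear and testify.
Download the full document at http://uscourts-example.test/subpoena.php?id=1
"""

# Stand-in for a WHOIS lookup: hostname -> registration date (constructed).
REGISTERED = {"uscourts-example.test": date(2008, 4, 11)}

# Assumed keywords that mark a message as claiming a government sender.
GOV_CLAIM = re.compile(r"\b(court|subpoena|internal revenue|irs)\b", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def assess(raw, registered=REGISTERED, max_age_days=30):
    """Return (finding, host) pairs for each suspicious link in the body."""
    msg = message_from_string(raw)
    body = msg.get_payload()
    claims_gov = bool(GOV_CLAIM.search(f"{msg['From']} {msg['Subject']}"))
    sent = parsedate_to_datetime(msg["Date"]).date()
    findings = []
    for url in URL.findall(body):
        host = (urlsplit(url).hostname or "").lower()
        # Check 1: government claim, but the link is not under .gov.
        if claims_gov and not host.endswith(".gov"):
            findings.append(("non-gov-link", host))
        # Check 2: the link's domain was registered shortly before sending.
        created = registered.get(host)
        if created and (sent - created).days <= max_age_days:
            findings.append(("new-domain", host))
    return findings
```

In production the `registered` argument would be backed by a real WHOIS or RDAP lookup on the registrable domain rather than a static table keyed by hostname.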

A new phishing e-mail targeting CEOs looks like a subpoena and includes a company name and number. This shows the top part of the e-mail.

(Credit: MX Logic)
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.