Spammers Revive The Whaling Industry

Anybody who has e-mail knows all about phishing scams. As spam filters and firewalls become more potent, and users become more sophisticated and informed about responding to online deceptions, the spammers have had to become more sophisticated in their approach too. One approach spammers now use is to avoid mass e-mailing and tailor their message to a few high-profile targets. They call this approach "whaling."

Thousands of high-ranking executives across the country have been receiving e-mail messages this week that appear to be official subpoenas from the United States District Court in San Diego. Each message includes the executive’s name, company and phone number, and commands the recipient to appear before a grand jury in a civil case.

A link embedded in the message purports to offer a copy of the entire subpoena. But a recipient who tries to view the document unwittingly downloads and installs software that secretly records keystrokes and sends the data to a remote computer over the Internet. This lets the criminals capture passwords and other personal or corporate information.

Another piece of the software allows the computer to be controlled remotely. According to researchers who have analyzed the downloaded file, less than 40 percent of commercial antivirus programs were able to recognize and intercept the attack.

In general, executives in large corporations are not all that familiar with the workings of the Information Technology utilities they use, and so can be ripe for tricking into offering up information others might not. And there's treasure in a CEO's keystrokes for a phisher. Sooner or later, the people who run the largest companies in the world are going to have to be as smart as their administrative assistants, or someone in Singapore is going to rob them blind. Two thousand executives have reportedly fallen for this scam. That's a lot of blubber.