Business Executives are "Big Phish" to Hackers

By Matthew Harwood

Hackers have devised a new phishing scam where they play Ahab to U.S. corporate executives' Moby Dick.

The scam, according to Agence France Presse, has a novel name.

Internet security insiders refer to the attacks as "whaling" because they use social-engineering trickery involved in "phishing" but target individual "big phish" instead of casting nets in a sea of Internet users.

In the scam, hackers send an e-mail to a targeted executive. The e-mail looks official and carries the seal of the U.S. federal court in San Diego, California. Inside the e-mail, which contains the executive's name, address, and other individual details, is a link that allows the recipient to look at the subpoena online.

When the link is clicked, a fake but realistic document appears. At the same time, malicious code is downloaded onto the recipient's computer. The code allows hackers to take control of the computer or steal passwords and other valuable corporate information, which is then sent to a remote computer through the Internet.

The article reminds anyone receiving such an e-mail that, in the United States, subpoenas are traditionally delivered in person and not over the Internet.



