Bank execs targeted by fake Department of Justice phishing emails

Share this article:

Corporate executives again are being targeted in a new round of spear phishing attacks that attempt to dupe them into downloading a malicious attachment.

The messages claim to be a complaint from the federal Department of Justice against the recipient's company, according to a Websense Security Labs alert. The email says that a copy of the original complaint is attached in the email – but clicking on it infects the user's machine with a trojan downloader.

Around midday Monday, researchers at MessageLabs first detected the campaign, in which senior employees working in financial organizations, such as banks and credit unions, were targeted. The messages contain subjects with the recipient's full name.

Experts believe the same gang was involved in a similar scam in September.

Paul Wood, senior analyst for MessageLabs, told SCMagazineUS.com today that he is unsure why top executives are being targeted.

 "It may be they want to try and find information on those computers that may be sensitive...such as information about mergers and acquisitions." he said. "There may be corporate intellectual property that they may be discussing."

Another possibility is that it is easier for cybercrooks to find information about these individuals than the average employee, therefore making them easier targets through social engineering, Wood said.

Monday's attack arrived in two waves, MessageLabs said. In the first one, the email subject line contained the full name of the recipient and a ZIP file attachment containing a .scr executable.

The second wave arrived several hours later and included a rich text format (RTF) file attachment with a .doc attachment, this time claiming to come from the Better Business Bureau. This attack contained an executable that was disguised as a PDF, according to MessageLabs.

None of the major anti-virus vendors could initially detect the attacks, Websense said.

The IRS and Federal Trade Commission also have been used in similar schemes.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

LEADS Act addresses gov't procedure for requesting data stored abroad

LEADS Act addresses gov't procedure for requesting data ...

Senators introduced the legislation last week as a means of amending the Electronic Communications Privacy Act (ECPA).

Report: Intrustion prevention systems made a comeback in 2013

Report: Intrustion prevention systems made a comeback in ...

A new report indicates that intrusion prevention systems grew 4.2 percent in 2013, with growth predicted to continue.

Mobile device security sacrificed for productivity, study says

Mobile device security sacrificed for productivity, study says

A Ponemon Institute study, sponsored by Raytheon, revealed that employees increasingly use mobile devices for work but cut corners and circumvent security.