Bank execs targeted by fake Department of Justice phishing emails

Share this article:

Corporate executives again are being targeted in a new round of spear phishing attacks that attempt to dupe them into downloading a malicious attachment.

The messages claim to be a complaint from the federal Department of Justice against the recipient's company, according to a Websense Security Labs alert. The email says that a copy of the original complaint is attached in the email – but clicking on it infects the user's machine with a trojan downloader.

Around midday Monday, researchers at MessageLabs first detected the campaign, in which senior employees working in financial organizations, such as banks and credit unions, were targeted. The messages contain subjects with the recipient's full name.

Experts believe the same gang was involved in a similar scam in September.

Paul Wood, senior analyst for MessageLabs, told SCMagazineUS.com today that he is unsure why top executives are being targeted.

 "It may be they want to try and find information on those computers that may be sensitive...such as information about mergers and acquisitions." he said. "There may be corporate intellectual property that they may be discussing."

Another possibility is that it is easier for cybercrooks to find information about these individuals than the average employee, therefore making them easier targets through social engineering, Wood said.

Monday's attack arrived in two waves, MessageLabs said. In the first one, the email subject line contained the full name of the recipient and a ZIP file attachment containing a .scr executable.

The second wave arrived several hours later and included a rich text format (RTF) file attachment with a .doc attachment, this time claiming to come from the Better Business Bureau. This attack contained an executable that was disguised as a PDF, according to MessageLabs.

None of the major anti-virus vendors could initially detect the attacks, Websense said.

The IRS and Federal Trade Commission also have been used in similar schemes.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Skills in demand: Communications and messaging experts

Skills in demand: Communications and messaging experts

The demand for infosec-focused communications and messaging pros is growing.

Company news: New execs at Malwarebytes and an acquisition by VMware

The latest mergers and acquisitions and personnel moves, including Malwarebytes, Abacus Group, VMware, Bay Dynamics, vArmour, Secunia, Norse and more.

Bridging the talent gap in health care

Bridging the talent gap in health care

Cybercriminals are primarily after patient data as it really gets them more money.