(1888PressRelease)
April 17, 2008 - What: US Federal Court Subpoena Phish: cacd-uscourts.com
On April 14, 2008, Steve Kirsch, founder and chairman of the board of Abaca Technology Corporation received an official looking subpoena via email requesting him to appear in San Diego in front of a grand jury. It had his name, phone number, company, and correct email address on it and it looked pretty legitimate. Even the URL to find out more information looked legitimate at first glance.
A very sophisticated US Federal Court Subpoena phishing attack appearing to be sent from the United States District Court [mailto:subpoena ( @ ) uscourts dot com] was launched over this past weekend dot Sent to CEOs only via very targeted and personalized emails dot
Abaca investigated the situation and in most cases these emails were quarantined by the Abaca Email Protection Gateway (EPG) service.
The email is an official looking subpoena via email requesting the recipient to appear in front of a grand jury. It had may have the recipient’s name, phone number, company, and correct email address included in the message. Even the URL looks legitimate at first glance. This is not a legitimate message and should not be released from your user’s quarantine.
Please advise your readers to not open this message or release it from their quarantine.
Its purpose is to download malware onto their computer. If the email was released for their quarantine, please have them delete it. Warn your users to not click the link.
More info about this scam:
• Castle Cops U.S. Courts@ cacd-uscourts.com
E-mail scam alerts posted to the home page of both central and southern district courts:
• United States District Court - CASD - Welcome to CASD
• Welcome to the United States District Court Central District of California
Protecting yourself from phish attacks
http://www.junkfax.org/fax/phish/uscourtsPhish.htm
So how do you protect yourself?
1. Find out whether your current spam filter has a way to detect phish like these and how it works. If you are not satisfied with what you learn, check out the spam filter from Abaca which operates using recipient reputation and can instantly and reliably detect phish such as these as soon as they are launched without any human input.
2. Never download any software from a source you do not know.
3. Look for typos and other mistakes in the email.
4. If the email asks you to go to a web site, treat it suspiciously. Check out other pages at that website.
See if the images on the site belong to the site. You can also use “who is” to determine how long ago the
site was created and who controls it.
5. Never trust anything in an unsolicited email from someone you do not know, no matter how legitimate it
looks.
