Hash: SHA1
US-CERT Current Activity
Federal Subpoena Spear-Phishing Attack
Original release date: April 15, 2008 at 8:31 am
Last revised: April 16, 2008 at 9:34 am
US-CERT is aware of public reports of a spear-phishing attack
circulating via email messages that claim to be federal subpoenas.
These messages appear to be legitimate because they can contain very
specific information about the message recipient. The message requests
that the user follow a link to download additional information about
the case, but if a user clicks on this link, malicious code may be
installed on the system.
US-CERT encourages users to do the following to help mitigate the
risk:
* Review the alert posted by the U.S. Courts regarding this issue.
* Do not follow unsolicited web links received in email messages.
* Refer to the Recognizing and Avoiding Email Scams (pdf) document
for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks
document for more information on social engineering attacks.
* Install anti-virus software and keep virus signature files up to
date.
Relevant Url(s):
<http://www.us-cert.gov/cas/tips/ST04-014.html>
<http://www.uscourts.gov/newsroom/2008/alert.cfm>
<http://www.us-cert.gov/reading_room/emailscams_0905.pdf>
====
This entry is available at
http://www.us-cert.gov/current/index.html#federal_subpoena_email_scam
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
iQEVAwUBSAYB6PRFkHkM87XOAQLgNQf8CBPUwEJgYibCC4+NMuZeF37Rc17VUY9A
cpIzgSfzGEHOZdXg5QpxGriR+s7oAeU8kjnMUG4a5XqgfghgzUMi7g3gMNW1D21I
ZeRq0EZoRCDCPOIOTdMFraQ1ebArGZioE4Swt4n1c5fVMXe7kUGsz8LEkdvBIYbx
8e1npS5J23RJmLYggs4U8lUFsZQ7aD7bN97N0KcToBjcZ8PY9IxsENLEGnXL8wz8
S35STZvhFEm6Ip25gw0WCNUEtwpmuALKvjglk3yRin8sWJic3Ei6my5ObEKrbgzX
O4+WVk6JHspGUdZq5RmE5Z0+O6Z3n416bX2lwS5JozzAhe4Jbz1xIA==
=uYMn
-----END PGP SIGNATURE-----
0 comments:
Post a Comment