Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

PHISHING WITH BAITED SUBPOENAS

April 17, 2008

Just when you think you’ve seen everything, the bad guys invent a new spin on an old game. Phishing for data is now old hat – we’ve all received notices from banks where we have no accounts telling us we must verify our accounts. This year, it was pretty clever when the phishers came up with an e-mail from the IRS requiring us to enter information to collect our “refund.” That certainly suckered in thousands of folks who apparently didn’t want to look a gift horse in the mouth even when they KNEW they shouldn’t be getting a refund. Never underestimate the power of greed.

The latest twist is a pseudo-subpoena from a court. I’m actually quite chagrined that I did not receive one of these – my friend Ross Kodner was kind enough to send me his. I really felt excluded from the Cool Kids Club. It was fun to take a look at the “subpoena.” The underlying idea is ingenious in one sense, because almost everyone is afraid of getting in trouble with a court. Of course the execution of the idea was execrable – what might have been a great scam was foiled by an author who never made it out of 3rd grade English.

As an example of the mangled language, here is a verbatim part of the document. "Any organisation not a party to this suit thas is subponaed for the taking of a deposition shall designate one or more offcers, directors, or managing agents, or other persons to testify on its behalf, and may set forth, for each person designated, the matters on wich the person will testify. Federal Rules of Civil Procedures,20(b)(6). Failure to appear at the time and place indicated may result in a contempt of court citation. Bring this subpoena with you to the courtroom and oresent it to the bailiff. Direct any questions to the person requesting you to appear: City Prosecutor."

Though a fairly pathetic example of phishing, the link to a document that users were told to download carried the usual virus, one that harvests passwords, account numbers, credit card numbers, etc. In spite of the clear red flags, VeriSign’s iDefense Labs estimated that 1,800 recipients clicked on the link. Though the incident is being investigated, law enforcement and computer forensics experts rarely catch the phishers, who decamp with predictable regularity after quickly socking away what data they can. In this incident, the point of origin appears to have been a server in Singapore, which is probably a kiss of death for the investigation, though I’d love to be wrong on that score.

The Administrative Office of the U.S. Courts posted an alert on its website after (unsurprisingly) receiving a lot of calls. The law.com article may be found at http://www.law.com/jsp/article.jsp?id=1208342617032 and the AO notice may be found at http://www.uscourts.gov/newsroom/2008/alert.cfm

Phone: 703-359-0700