Whale Phishing

April 18, 2008 – 8:14 AM

One of the things I love about cutting-edge technology is the way we get to invent fun, new terminology. It seems to have been around before, but I just came across my first reference to “whale phishing.” It describes a phish where the target is a very important person, such as a CEO, i.e. a very big target.

An example of the phenomenon was written up in this Internet Storm Center writeup, which describes a phony subpoena request sent to several CEOs, purportedly from the US Courts. It was further written up by McAfee, including a screen shot, in their blog. The recipient is given a link to click on; if they do so, they are asked to install a “browser plug-in” in order to view the document; the file is named Acrobat.exe. If they install it, they are served with malware which McAfee classifies as TROJ_AGENT.AMAL.

Of course, the US Courts don’t e-mail subpoena requests directly to CEOs.

Source: PC Magazine
