January 09, 2012, 8:50 AM —
Emails in which security consultancy Stratfor appears to invite customers to rate its response to a recent security breach are not actually from its CEO, the company said.
Last month, Stratfor offered identity protection to its customers following the theft of their email addresses, payment details and other information from its website. Now some of those customers are being targeted by a phishing campaign purporting to be from the company's founder and CEO George Friedman.
"There is a fraudulent email that appears to come from George.Friedman[at]Stratfor.com. I want to assure everyone that this is not my email address and that any communication from this address is not from me," Friedman wrote on the company's Facebook page on Friday. "Stratfor would never ask customers and friends to provide personal information through the type of attachment that was part of the email," he continued.
Members of the hacktivist collective Anonymous claimed responsibility for breaching the security on Stratfor's website in December. The hackers stole tens of gigabytes of confidential information, including customer details, credit card numbers, usernames, MD5 password hashes and email addresses.
The Stratfor website has been offline ever since the breach was discovered, and visitors are greeted by a temporary page informing them about the downtime. In the absence of its official hub of online communication, the company has relied on Facebook and Twitter to inform its customers.
The emails Friedman speaks about in his Facebook announcement were received last week by some of the Stratfor customers whose contact information was exposed during the breach.
Security experts from antivirus software vendor Sophos who analyzed the emails said the fraudulent messages instruct recipients to rate Stratfor's incident response by clicking on a link. The link leads to a YouTube video of Rick Astley's song Never Gonna Give You Up, a rather harmless trick known on the Internet as Rickrolling.