The SANS Internet Storm Center on Monday warned that CEOs of some companies are being targeted with a phishing attack involving fake federal subpoenas sent via e-mail.
This type of targeted e-mail attack, called “spear-phishing,” is a variation on the more common “phishing” attack. Both attacks use fake e-mail messages to try to lure victims to malicious Web sites, but with spear-phishing the attackers try to make their messages more believable by including information tailored to the victim.
The e-mail is an official-looking subpoena requesting that the recipient appear in front of a grand jury. It may include the recipient’s name, phone number, company, and correct e-mail address. Even the URL looks legitimate at first glance. This is not a legitimate message and should not be released from the end user’s quarantine.
Attacks of this sort often last no more than a week. They target executives to gain access to their bank accounts, which typically hold a significant amount of money. “It’s a very quick hit,” he said, noting that he has seen similar attacks result in bank account losses that range from $100,000 to $1 million in aggregate.





