Law Firm Domain Names Spoofed to Launch Phishing Scams
It is not unusual for lawyers to email individuals and businesses they are about to sue, engaging them before filing suit to see whether a settlement can be discussed or reached. The lawyer will reach out via email with a copy of the proposed Complaint and tell the individual or business that they are about to be sued, that the Complaint is attached or in a link, and that if the individual does not respond within 7-10 days, the Complaint will be filed.
This is common practice. Hackers and scammers apparently know this, too, and are using it to launch phishing scams. They buy a domain name that looks like a law firm domain name (usually several names strung together) and send a threatening email from the “law firm” with the attachment or link. The attachment or link is infected with malware, which attacks the recipient’s operating system when the recipient opens the “Complaint.”
This scam is just another variant of other successful schemes—using enticing and scary messages to try to get people to click on an infected attachment or link. No matter how many times we tell people not to click on attachments or links from unknown sources, curiosity usually gets the best of them. Be aware of these new schemes so you or your employees don’t fall victim to them as well.
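A mail filter can flag the lookalike law firm domains described above before anyone opens the "Complaint." The following is an added example, not part of the original article: the firm domains, sample messages, and matching thresholds are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist: firms this organization actually corresponds with.
KNOWN_FIRM_DOMAINS = {"smithjoneslaw.example", "harperdunnllp.example"}

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def firm_label(domain):
    """Label left of the TLD, hyphens removed (assumes a one-label TLD)."""
    labels = domain.lower().rstrip(".").split(".")
    return labels[-2].replace("-", "") if len(labels) >= 2 else labels[0]

def classify(domain):
    """Return ("known" | "lookalike" | "unknown", matched allowlist domain or None)."""
    domain = domain.lower().rstrip(".")
    for known in sorted(KNOWN_FIRM_DOMAINS):
        if domain == known or domain.endswith("." + known):
            return "known", known
    cand = firm_label(domain)
    for known in sorted(KNOWN_FIRM_DOMAINS):
        ref = firm_label(known)
        short, long_ = sorted((cand, ref), key=len)
        # Near-identical spelling, or one name embedded in a longer string of names.
        if edit_distance(cand, ref) <= 2 or (len(short) >= 6 and short in long_):
            return "lookalike", known
    return "unknown", None

def check_message(raw):
    """Classify the From: domain of a raw RFC 5322 message."""
    domain = parseaddr(message_from_string(raw)["From"] or "")[1].rpartition("@")[2]
    return (domain,) + classify(domain)

# Constructed sample messages (headers only).
SAMPLES = [
    'From: "J. Smith" <jsmith@smithjoneslaw.example>\nSubject: Draft Complaint\n\n',
    'From: "Smith Jones Law" <intake@smithjoneslawgroup.example>\nSubject: Complaint\n\n',
    'From: Billing <ar@vendor.example>\nSubject: Invoice\n\n',
]
if __name__ == "__main__":
    for raw in SAMPLES:
        print(check_message(raw))
```

A "lookalike" verdict is a reason to quarantine the message and confirm with the firm through a contact detail already on file, not proof of malice on its own.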