Big Name Law Firms Used in Phishing - Computer Forensics


Recently, there have been a large number of spear-phishing e-mails whose return address uses a URL or domain owned by a large international law firm.

Spear-phishing attacks are typically highly targeted, going after a specific individual or group. Hackers use e-mail spoofing in an attempt to get the recipient to open the e-mail. The e-mail is frequently loaded with malware; typical malware in these cases is a Remote Access Trojan. This malware can open up the recipient’s computer and network to unauthorized access to confidential information. Spear-phishing attempts are not typically initiated by "random hackers", but are launched by perpetrators out for financial gain, trade secrets or military information.

E-mail spoofing is the use of a domain name the sender does not own in an e-mail’s return address. For instance, “EvidenceSolutions.com” might be used in the e-mail’s return address. This may cause the addressee to open the e-mail thinking it is from a trusted sender at that company or firm.

In this case, the targets of this spear-phishing attack are other lawyers who just might open an e-mail from these firms. The recipient may be across the courtroom from an attorney in these firms, or they may be doing some other type of business with the firms. Either way, just seeing these prestigious firms' names as the return address may cause the recipient to let down their guard and open an e-mail that they might not otherwise open.

Some of the subject lines included: "Notice to Appear in Court" or a notice about a deadline. Attorneys, who might normally be in a hurry, will open e-mail from these firms without hesitation.

Affected firms include Reed Smith, whose headquarters is in Pittsburgh, PA; Sidley Austin, LLP, headquartered in Chicago, Illinois; Skadden, Arps, Slate, Meagher & Flom LLP, headquartered in New York, NY; and Baker & McKenzie, headquartered in Chicago, Illinois.

We highly recommend restraint when receiving e-mail from an unknown sender. Ask yourself whether you are expecting an e-mail from this person or organization. Don't let the words "Notice to Appear in Court" rattle you into opening attachments that you know shouldn’t be delivered to you.
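A header check that supports the caution recommended above, as an added example that is not part of the original article: it flags a message whose From domain fails DMARC at the recipient's own mail server, whose Reply-To points elsewhere, and which pairs a court-notice subject with an attachment. The sample message, all host names and the `trusted_mx` parameter are constructed assumptions.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed message for illustration; every host, address and verdict is invented.
SAMPLE = """\
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=mailer.example.net; dmarc=fail header.from=evidencesolutions.com
From: "Court Clerk" <notices@EvidenceSolutions.com>
Reply-To: clerk@reply.example.org
Subject: Notice to Appear in Court
Content-Type: multipart/mixed; boundary="b1"

--b1

See the attached notice.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="notice.zip"

placeholder
--b1--
"""
LURES = ("notice to appear in court", "deadline")  # subject themes named in the article

def domain(addr):  # lower-cased domain of an address header, '' if the header is absent
    return parseaddr(str(addr or ""))[1].rpartition("@")[2].lower()

def dmarc_verdict(msg, trusted_mx):
    """DMARC result from Authentication-Results, only if our own MX stamped it."""
    for hdr in msg.get_all("Authentication-Results", []):
        authserv, *results = [p.strip().lower() for p in str(hdr).split(";")]
        if authserv.split()[:1] != [trusted_mx]:
            continue  # senders can forge this header; skip foreign stamps
        for r in results:
            if r.startswith("dmarc=") and r[6:].split():
                return r[6:].split()[0]
    return "missing"

def triage(raw, trusted_mx):
    msg = email.message_from_string(raw, policy=policy.default)
    sender, reply_to = domain(msg["From"]), domain(msg["Reply-To"])
    verdict = dmarc_verdict(msg, trusted_mx)
    checks = [
        (verdict != "pass", f"dmarc-{verdict}"),
        (reply_to and reply_to != sender, "reply-to-differs"),
        (any(s in str(msg["Subject"] or "").lower() for s in LURES), "lure-subject"),
        (any(p.get_filename() for p in msg.iter_attachments()), "attachment"),
    ]
    return sender, [name for hit, name in checks if hit]

print(triage(SAMPLE, "mx.recipient.example"))
```

A DMARC verdict is only present when the receiving server evaluates it, and it is only meaningful when the spoofed domain publishes SPF/DKIM/DMARC records.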

Kudos to some of the law firms whose domains were spoofed. They stepped up and posted warnings about the spoofed e-mails.


Experts on this topic...

Digital Evidence Scott Greene