Phishing Attacks Begin Leveraging Legal Threats From Local Law Firms

By far the most convincing email phishing and malware attacks, come disguised as your “typical nastygram” from local businesses. In most cases, these emails have grown in popularity with SMB criminals. By making minor customizations, these phishing attacks are now coming from local victims who were hacked. These emails notify recipients that he/she is being sued, and instructs them to review the following attached file, with a directive of respond within the time frame, or else… Here’s a look at a recent phishing campaign that peppered more than 100,000 business, their employee emails’ and harbored legal threats and malware utilizing a local law firm’s systems.

In May, two well-known anti-virus firms began detecting compromised files, specifically Microsoft Word. These logs are gathered and detected through AI Network Aggregation to identify malicious attachments. In this case, attachments were sent along with a simple variation of the message below. This exact kit is now being traded alongside others on the “dark web,” therefore we have numerous business names outlined in brackets below.

The original phishing kit included 5 trap Microsoft Word Documents to choose from. None of which would be detected as malicious by many systems today. A few weeks later, when anti-virus scanned these dormant files, nothing would stand-out about the Word Documents.

{Pullman & Assoc. | Wiseman & Assoc.| Steinburg & Assoc. | Swartz & Assoc. | Quartermain & Assoc.} <>


The following {e-mail | mail} is to advise you that you are being charged by the city.

Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}.

Please download and read the attached encrypted document carefully.

You have 7 days to reply to this e-mail or we will be forced to step forward with this action.

Note: The password for the document is 123456

From what we know, these documents would typically include a trojan, that is used to drop additional malware on these business systems. Previous detections of this trojan have been associated with ransomware. Enabling the attackers to choose what specific malware to install, and on what machines specifically. As far as phishing kits go, this one is simple, not overly convincing, with customization. But given the right tools, could this threat really have teeth? Legitimate-looking legal threats have a way of making people act before they think.

What makes this scarier for businesses, is the fact that this exact phishing kit was also supplied with text files containing over 100,000 business email addresses. In May the law-firm spoofed in this exact scam had a website redirecting to a falsified legal entity, tricky stuff! Unfortunately, it wasn’t until one of their customers called to complain about the phishing emails they too received before anyone from the law firm was alerted.

As a rule of thumb, never open attachments in emails you were not expecting – When in doubt, toss it out. Sometimes, these things can be legitimate, so research the purposed sender, and reach-out instead through the phone. Resist the urge to respond to these criminals, doing so may encourage further malicious correspondence.

I think for many of us in the Bay Area, we utilize technology for so many things, that we are constantly leaving security backdoors open. It’s these flaws, that allow malicious hackers to administer a malware-payload of their choosing. At Clare Computer Solutions, we work to lock down your security, through assessing your risk to these types of attacks.


Provide Advanced Security at All Times with Netcentral Secure – Start Your Security Posture Evaluation Today