HackerSecret.com - The Most Authoritative Site in the World on the Hacking Tools and Techniques, Penetration Testing and CyberSecurity

  • Home
  • Visit Our Shop
  • Download the free App
  • Contact us for Info
VISIT OUR SHOP! CLICK HERE !

Legal Threats Make Powerful Phishing Lures

by / Friday, 14 June 2019 / Published in Hacking
Share
Tweet
Pin
0 Shares

Some of the most convincing email phishing and malware attacks come disguised as nastygrams from a law firm. Such scams typically notify the recipient that he/she is being sued, and instruct them to review the attached file and respond within a few days — or else. Here’s a look at a recent spam campaign that peppered more than 100,000 business email addresses with fake legal threats harboring malware.

On or around May 12, at least two antivirus firms began detecting booby-trapped Microsoft Word files that were sent along with some variation of the following message:

{Pullman & Assoc. | Wiseman & Assoc.| Steinburg & Assoc. | Swartz & Assoc. | Quartermain & Assoc.} <legal@wpslaw.com>

Hi,

The following {e-mail | mail} is to advise you that you are being charged by the city.

Our {legal team | legal council | legal departement} has prepared a document explaining the {litigation | legal dispute | legal contset}.

Please download and read the attached encrypted document carefully.

You have 7 days to reply to this e-mail or we will be forced to step forward with this action.

Note: The password for the document is 123456

The template above was part of a phishing kit being traded on the underground, and the user of this kit decides which of the options in brackets actually get used in the phishing message.

Yes, the spelling/grammar is poor and awkward (e.g., the salutation), but so is the overall antivirus detection rate of the attached malicious Word document. This phishing kit included five booby-trapped Microsoft Word documents to choose from, and none of those files are detected as malicious by more than three of the five dozen or so antivirus products that scanned the Word docs on May 22 — 10 days after they were spammed out.

According to both Fortinet and Sophos, the attached Word documents include a trojan that is typically used to drop additional malware on the victim’s computer. Previous detections of this trojan have been associated with ransomware, but the attackers in this case can use the trojan to install malware of their choice.

Also part of the phishing kit was a text document containing some 100,000 business email addresses — most of them ending in Canadian (.ca) domains — although there were also some targets at companies in the northeastern United States. If only a tiny fraction of the recipients of this scam were unwary enough to open the attachment, it would still be a nice payday for the phishers.

The law firm domain spoofed in this scam — wpslaw.com — now redirects to the Web site for RWC LLC, a legitimate firm based in Connecticut. A woman who answered the phone at RWC said someone had recently called to complain about a phishing scam, but beyond that the firm didn’t have any knowledge of the matter.

As phishing kits go, this one is pretty basic and not terribly customized or convincing. But I could see a kit that tried only slightly harder to get the grammar right and more formally address the recipient doing quite well: Legitimate-looking legal threats have a way of making some people act before they think.

Don’t be like those people. Never open attachments in emails you were not expecting. When in doubt, toss it out. If you’re worried it may be legitimate, research the purported sender(s) and reach out to them over the phone if need be. And resist the urge to respond to these spammers; doing so may only serve to encourage further “mailious” correspondence.

KrebsOnSecurity would like to thank Hold Security for a heads up on this phishing kit.

Krebs on Security

Share
Tweet
Pin
0 Shares
Tagged under: Legal, Lures, Phishing…, Powerful, Threats

Click here now to visit our Shop!

Click here now to visit our Shop!

Other 2300 users like you have already done it this year!

Choose the product you need here!

  • THE FIRST TRUE ANDROID SMARTPHONE FOR HACKING WITHOUT ROOT UNIQUE IN THE WORLD WITH ALL THE APPS !!! 499,99€ 249,99€
  • HACKER LIBRARY THE LARGEST COLLECTION OF BOOKS AND MANUALS ON HACKING + 100 !!! 99,99€ 49,99€
  • HACK SOCIAL THE GUIDE TO HACK ALL THE SOCIAL ACCOUNTS 99,99€ 49,99€
  • HACKER PACK FOR YOUR SMARTPHONE AND YOUR TABLET WITH ROOT GUIDE AND + 100 PROGRAMS !!! 99,99€ 49,99€
  • THE FIRST TRUE ANDROID SMARTPHONE FOR HACKING UNIQUE IN THE WORLD WITH ALL THE APPS !!! 599,99€ 299,99€
  • HACKER PACK FOR YOUR COMPUTER AND NOTEBOOK + 1000 PROGRAMS 5 GB OF STUFF !!! 99,99€ 49,99€

Our customers say

Annabel M. – Systems Engineer

 
Samuel D. – Ethical Hacker

 
Karola M. – Influencer

 
Marcus P. – Private Investigator

 
Rosemary S. – Housewife

 
Amit V. – IT Consultant

 
Matthew C. – Entrepreneur

 
Aisha B. – Computer Science student

 
Li W. – IT Analyst

 
Robert C. – Programmer

 

DOWNLOADED 1316 TIMES!

DOWNLOADED 1316 TIMES!

Download now Hacker Secret our free Android app.

CONTACT US NOW FOR IMMEDIATE SUPPORT!

Contact Us
Write your email address here
Write here how we can help you - we support you immediately for all your needs!

## Are you looking for products for hacking, computer security and penetration testing? Do you need to clean up your smartphone, your PC or your site from viruses and malware? Do you need to track down someone or retrieve urgent information? Do you want to buy devices already configured to experiment all the hacking techniques quickly and easily? Do you have special needs in software or hardware? ##

Contact us now … another 2300 users like you have already done it this year!

Click here now!

 

Search on the site

Latest posts

  • Veracode CEO on the Relationship Between Security and Business Functions: Security Can’t Be Effective in a Silo

  • Half a million stolen French medical records, drowned in feeble excuses

  • Google looks at bypass in Chromium’s ASLR security defense, throws hands up, won’t patch garbage issue

  • Announcing Veracode in AWS Marketplace: Streamlining Secure Software Development for AWS Customers

  • Imperva pretty adamant that security analytics aggregator product Sonar is not ‘one dashboard to rule them all’

All the techniques, products and services described or contained on this site are intendend for exclusive use of study and professional training and to test the security of own's computer network in accordance with the national legislations on access to computer and online systems. All the services provided on this site (penetration testing, social accounts hardening, Incident Response & CSIRT, MSSP, Cybersecurity Consultancy, etc.) can be provided only with prior written and documented authorization from the owners or their legitimate representatives in accordance with current national regulations .

TOP