Fraudulent Charge Phishing
Today I received an email that appears to be coming from a large law firm, specifically Cadwalader Wickersham & Taft LLP, a real law firm with offices in New York, London, and other large cities that claims to be the oldest law firm in the USA. The text of the email claimed my firm inappropriately charged a credit card issued to an Aurora Haney. The text of the email included a link to a bank statement that supposedly contained the inappropriate charge. There are several clues here that prove this is a fraudulent phishing email.
First – the text of the email contained language that would be inappropriate from a law firm
Second – there was no contact information included in the email such as an address or phone number
Third – the email contained no information on the specifics of the inappropriate charge
Fourth – I find it hard to believe an attorney would send me a link to their bank statement including all their charges and their credit card number.
Fifth – the email was from firstname.lastname@example.org, not the individual who claimed the fraudulent charge was placed on her account
Finally – As a small firm, I don’t accept credit cards; therefore, I could not have mischarged someone
I didn’t click on the link, but I am sure it contains malware, either spyware, ransomware or other malicious software. Companies need to be aware of this attempt at penetrating their computer systems. Employees need to be trained to spot the clues that identify fraudulent emails.
Internal controls you should consider:
- Never click on links in emails from sources you do not know
- Train employees to recognize the clues in spoofed emails
- Check the email address for inconsistencies
- Do an internet search on the company or individual the email is from
- Keep your antivirus, antimalware and antiransomware software up to date
- Don’t respond to emails that do not contain appropriate contact information
- When in doubt check with a supervisor before acting on emails from unknown sources
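The address, contact-information and link checks from the list above can be scripted for mail triage. The following Python is an added example, not part of the original post; the sample message, the domains, the clue names and the `triage` function are all constructed for illustration, and `claimed_domain` is assumed to be the domain found by searching for the firm the email claims to come from.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample; all names and domains are placeholders.
SAMPLE = """\
From: "Example Law Firm LLP" <billing@mail-notice.example>
Reply-To: a.claimant@freemail.example
To: owner@smallfirm.example
Subject: Unauthorized charge on my card

Your firm charged my card without permission. My statement is here:
http://statements.files-share.example/view?id=123
Fix this now or we will sue.
"""

PHONE_RE = re.compile(r"\b\d{3}[-. ]\d{3}[-. ]\d{4}\b")  # US-style numbers only
AMOUNT_RE = re.compile(r"\$\s?\d")                       # any dollar amount
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _domain(header):
    """Lower-cased domain of the address in a From/Reply-To header ('' if absent)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def _in_org(host, org):
    """True if host is the organization's domain or one of its subdomains."""
    return host == org or host.endswith("." + org)

def triage(raw, claimed_domain):
    """Return the clues from the post that apply to a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    clues = []
    sender = _domain(msg["From"])
    if not _in_org(sender, claimed_domain):
        clues.append("sender_domain_mismatch")   # address inconsistency
    reply_to = _domain(msg["Reply-To"])
    if reply_to and reply_to != sender:
        clues.append("reply_to_mismatch")        # replies go somewhere else
    if not PHONE_RE.search(body):
        clues.append("no_phone_contact")         # no contact information
    if not AMOUNT_RE.search(body):
        clues.append("no_charge_details")        # no specifics of the charge
    hosts = {urlparse(u).hostname or "" for u in URL_RE.findall(body)}
    clues += [f"offsite_link:{h}" for h in sorted(hosts) if not _in_org(h, claimed_domain)]
    return clues

if __name__ == "__main__":
    for clue in triage(SAMPLE, "examplelawfirm.example"):
        print(clue)
```

A message with none of these clues can still be malicious; the output is a prompt for the supervisor check in the last control, not a verdict.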