Fraudulent Charge Phishing

Fraudulent Charge Phishing

Today I received an email that appears to be coming from a large law firm, specifically Cadwalader Wickersham & Taft LLP, which is a real law firm named with offices in New York, London, and other large cities which claim to be the oldest law firm in the USA. The text of the email claimed my firm inappropriately charged a credit card issued to an Aurora Haney. The text of the email included a link to a bank statement that supposedly contained the inappropriate charge. There are several clues here that prove this is a fraudulent phishing email.

First – the text of the email contained language that would be inappropriate from a law firm

Second – there was no contact information included in the email such as an address or phone number

Third – the email contained no information on the specifics of the inappropriate charge

Forth – I find it hard to believe an attorney would send me a link to their bank statement including all their charges and their credit card number.

Fifth – the email was from cwtinfo@cadwalader.com not the individual who claimed the fraudulent charge was placed on her account

Finally – As a small firm I don’t accept credit cards, therefore, I could not have mischarged someone

I didn’t click on the link but I am sure it contains malware, either spyware, ransomware or other malicious software. Companies need to be aware of this attempt at penetrating their computer systems. Employees need to be trained how to spot the clues that identify fraudulent emails.

Internal controls you should consider.

  1. Never click on links in emails from sources you do not know
  2. Train employees to recognize the clues in spoofed emails
  3. Check the email address for inconsistencies
  4. Do an internet search on the company or individual the email is from
  5. Keep your antivirus, antimalware and antiransomware software up to date
  6. Don’t respond to emails that do not contain appropriate contact information
  7. When in doubt check with a supervisor before acting on emails from unknown sources

About Dr.Bob

Dr. Minniti is the President and Owner of Minniti CPA, LLC. Dr. Minniti is a Certified Public Accountant, Certified Forensic Accountant, Certified Fraud Examiner, Certified Valuation Analyst, Certified in Financial Forensics, Master Analyst in Financial Forensics, Chartered Global Management Accountant, and is a licensed private investigator in the state of Arizona. Dr. Minniti received his doctoral degree in business administration from Walden University, received his MBA degree and Graduate Certificate in Accounting from DeVry University’s Keller Graduate School of Management, and received his Bachelor of Science in Business Administration degree from the University of Phoenix. Dr. Minniti teaches graduate and undergraduate courses in accounting, fraud examination, fraud criminology, ethics, forensic accounting, external audit, and internal audit, at DeVry University, Grand Canyon University, Northwestern University, and the University of Phoenix. He designed graduate and undergraduate courses for Grand Canyon University, Northwestern University, and Anthem College. He is a writer and public speaker. He has experience in forensic accounting, fraud examinations, financial audits, internal audits, compliance audits, real estate valuations, business valuations, internal control development, business continuation planning, risk management, financial forecasting, and Sarbanes-Oxley compliance work. Dr. Minniti is an instructor teaching continuing professional education classes for the American Institute of Certified Public Accountants, Compliance Online, CPE Link. AccountingEd, Global Compliance Panel, Clear Law Institute and various state CPA Societies.

Leave a Reply

Your email address will not be published. Required fields are marked *