Recently, a unique spam campaign has been uncovered by security researchers, where victims are confronted with fake legal threats. It is believed to have been active since last week. In this campaign, spam emails claim to come from law firms and warn gullible victims that they are sued for fictitious legal issues. The poorly-written emails which contain a malicious Word attachment, also instruct victims to respond to the issue within seven days.
Campaign leverages domain spoofing
Threat actors behind the campaign spoofed domains of certain law firms. KrebsOnSecurity reported an instance where a law firm’s website was spoofed.
“The law firm domain spoofed in this scam — wpslaw.com — now redirects to the Web site for RWC LLC, a legitimate firm based in Connecticut. A woman who answered the phone at RWC said someone had recently called to complain about a phishing scam, but beyond that the firm didn’t have any knowledge of the matter,” KrebsonSecurity reported.