Law firms in Eire and Northern Ireland are being targeted with a new Supreme Court phishing campaign that is being used to fool recipients into visiting a malicious website.
The email appears to have been sent from the Supreme Court and refers to a new/updated Statutory Instrument. The emails that have been detected so far include a PDF file containing further details, although the attachment will divert the recipient to a malicious domain.
The Supreme Court phishing emails add a sense of urgency, as is common in phishing campaigns, telling the recipient to read the information in the attached document by this Friday.
The emails that have been reported have the subject line – Supreme Court (S.I. No691/2017) – although it is possible there are other variations along the same theme. The Courts Service has confirmed that the emails are not genuine and should be deleted without being opened. The phishing scam has been reported to the Gardaí and the Courts Service IT team is also investigating and a warning has been issued.
Supreme Court phishing scams are common. In February this year, the UK Supreme Court also issued a warning after numerous emails were received claiming to be subpoenas for court appearances in relation to a crime that the recipient had committed. In that case, a link was included to provide the court with all of the necessary information about the case. Receipents of the email were told to submit the information within 12 days or the case would proceed in their absence.
As the UK Supreme Court pointed out, it does not issue subpoenas to appear in court for criminal cases, although many law-abiding citizens would be aware of typical procedures associated with criminal cases. The fear generated by a potential court appearance for an unknown crime would likely see many email recipients open the message, click on the link and reveal their personal information.
Protect your MSP clients with the newest zero-day threat protection and intelligence against anti-phishing, business email compromise and zero-day attacks with PhishTitan.
Free Demo
The purpose of Supreme Court phishing emails is usually to obtain sensitive information under the guise of confirming the recipient’s identity. The information gathered by the phishing emails can be used for identity theft or other forms of fraud. Emails such as this are also used to spread malware or ransomware.
The emails are designed to scare people into responding and they can be highly effective. However, there are usually a variety of telltale signs that the email is not genuine. Before clicking or taking any requested action, it is important to stop, think and not to panic. Check the email for misspellings, grammatical errors and anything out of the ordinary.
If a link is included in the email, hover the mouse arrow over it to find out the true URL to see if it will direct you to a genuine domain. If the email contains an attachment, do not open it. If you are worried about the email, contact the organization that claims to have sent the message by obtaining the correct contact details from the Internet and verify the authenticity of the request.
In the most part, any serious matter such as a subpoena or important change to legislation would be unlikely to be communicated via email, and certainly not in an email attachment or via a link to a domain.