This past summer, 100,000 employees from businesses across Canada and the northeastern United States were informed they were being sued. They received this troubling news over email and were warned that they had seven days to reply before the lawsuit would move forward. The exact nature of the lawsuit wasn’t clear until the employees downloaded the encrypted document attached to the email. Unfortunately, what was hidden inside the document proved to be almost worse than an unexpected lawsuit: It was a Trojan program that installed malware on their computers.
None of these employees were actually facing lawsuits, at least not from the law offices the emails claimed to come from. These emails were part of a phishing scheme, one that uses fear to make people act without thinking and accidentally download a malicious program.
Legal threats are a popular tactic among phishing schemes today. There’s nothing like the threat of a lawsuit to make someone open an email from an unfamiliar source. While this scheme used its Trojan to install malware, Trojans are also used to install ransomware, which locks users out of their systems and forces them to pay a ransom to get their data back. Phishers don’t need everyone to fall for their tricks; just a tiny percentage of employees need to open the email and download the malware for the scammers to enjoy a good payday.
It’s not hard to understand why someone would fall for a phishing scheme like this — no one wants to get sued. This latest scheme is a good reminder that you should be wary of any email you weren’t expecting. Phishers can use fake legal threats, spoof a CEO’s email, and even mimic a warning from your bank. Every email should be regarded with extreme suspicion. If an email seems even remotely suspicious, send it to the trash. Never download any attachments or reply to these emails.
If you’re worried that an email might be legitimate, do the legwork and reach out to the sender over the phone to verify before opening the email. Make sure your team is trained on this same protocol. A couple of extra minutes to make a phone call can save you from a costly mess.
Thanks for reading,
Randy Sklar, CEO
P.S. When was the last time you changed your passwords? If it's been a while, you must download our brand-new report, "The Ultimate Hacker-Proof Password Checklist."