Canadian Law Blog Hall of Fame

2015 Canadian Law Blog Finalist

2014 Canadian Law Blog Finalist

2013 Canadian Law Blog Awards Winner

2011 Canadian Law Blog Finalist

2010 Canadian Law Blog Finalist

2009 Canadian Law Blog Awards Winner

2008 Canadian Law Blog Awards Winner

2007 Canadian Law Blog Awards Winner

2008 InnovAction Awards

  • Categories
  • Archives
    April 16th, 2008

    ♫Don’t take the bait,
    Don’t seal the deal,
    Don’t buy the hype..♫

    Words and Music by The Neighborhoods

    The New Jersey Law Journal has posted an article online:

    Businesses Hit With E-Mail Blast of Virus-Carrying Pseudo-Subpoenas by Mary Pat Gallagher on Wednesday, April 16, 2008. That article reports that thousands of executives received e-mails on Monday April 14, 2008 purporting to be US federal court subpoenas but which appear to be part of a “phishing” scam to capture sensitive data.

    This is another example of a phishing attempt by impersonating a law-related entity, in this case the U.S. District Court. The fake subpoenas bear the seal of the court and docket numbers from real cases, though apparently closed ones, without party names. Mary Gallagher reports that they command an appearance on May 7 before a grand jury in a particular room at the U.S. courthouse in San Diego.

    They identify the originating e-mail address as “” and contain a link with an instruction to “download the entire document on this matter … and print it for you record.”

    “As is typical with these phishing attempts, those who click on the link infect their own computers, and those networked to them, with a virus aimed at gathering passwords, account numbers, credit card numbers and similar information. Matt Richard, of VeriSign’s iDefense Labs, a cybersecurity group, estimates that 1,800 recipients have clicked on the link.”

    The phishing emails bear the name of “O’Mevely & Meyers,” a fictitious law firm. But there is a real firm of “O’Melveny & Myers LLP” in LA and the phishing email incorporates the real firm’s address. The name is close enough that O’Melveny has posted a notice on its Web site stating it is not the source of the subpoenas.

    Aiside from the usual spelling and grammatical errors, the most significant tip-off was that “federal courts will never send you a subpoena by e-mail,” stated Scott Christie, a former assistant U.S. attorney who once headed up the New Jersey office’s Computer Hacking and Intellectual Property Section.

    Gallagher quotes Christie as stating that lawyers should be warning their clients, and because unexpected future variants are likely, people should “review their e-mail messages carefully and if there are misspellings or other indicia of impropriety or fraud, immediately contact their attorney.”

    It will only be a matter of time before these attempts spread to other jurisdictions and other courts. Lawyers should be notifying their clients of the proper method for informing them as to real court notices and subpoenas. If they do receive such a notice directly, they should be informed to contact their lawyers prior to clicking on any suspect ‘notice’ sent to them directly to avoid taking the bait of the spear phishers.

    This entry was posted on Wednesday, April 16th, 2008 at 5:22 pm and is filed under Firm Governance, Fraud and theft, Issues facing Law Firms, Leadership and Strategic Planning, Technology, Trends. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    One Response to “Fraud and Spear-Phishing Attempts…”
    1. victor louis Says:

      fake subpoena spear-phishing

      It is kind of a whaling attack targeting big fishes in corporate offices like CEO’s, top executives and managers.

      “This is one of the best phish e-mails I’ve seen in the past 6 years” quoted by Mr. Steve Kirsch, a well known Silicon Valley entrepreneur

      Remember, that it is not legal to send subpoena via emails unless it is agreed by the people. Also All US Federal courts have URLs of the form “” and not in the form
      “” mentioned in email. So Beware of these kinds of mails. The Abaca Email Protection Gateway ( service was the only service I know that quarantined these emails.

    Leave a Reply