Criminals are impersonating attorneys and law firms as part of sophisticated versions of classic “Nigerian Prince” scams.
Nigerian Prince scams (AKA “advance fee scams” or “419 scams”) involve criminals contacting people with fraudulent “news” of large amounts of money owed to the recipient (as an inheritance from a long-lost distant relative, for assistance in performing some transaction, etc.) – and informing their would-be victims that the money will be wired to the recipient as soon as the recipient provides the criminal with banking information, or, in some cases, pays a small “processing fee.” Nigerian-Prince-type scams have existed for decades, and are conceptually similar to much older scam variants, including some that proliferated en masse after the French Revolution.
Through various systems that I have implemented in order to observe cyber-criminal patterns, I personally receive Nigerian-Prince-type fraudulent solicitations every single day.
One might think that, by now, people in general would be knowledgeable enough to avoid falling prey to such schemes – and, perhaps, for the majority of folks, such reasoning holds true. That said, the reason that criminals continue to invest time (and, sometimes, money) in perpetrating Nigerian Prince scams is that such scams still produce significant revenue for crooks; various experts estimate that Americans alone still lose close to a million dollars a year to such scams.
Yesterday, I received a particularly interesting – and, in some ways, devious – variant of the scam which I wanted to share with readers. To start with, the message arrived by fax (see image below) – not email – a technique that scammers sometimes use in order to avoid spam filters, to select targets deemed by their use of outdated technology to be less technologically sophisticated than the general population, and to look more “official.” What was more interesting about yesterday’s scammer communication, however, was that the fax that I received bore the name of a real attorney (Michael Goldberg) at a real law firm (Minden Gross LLP) – and, for those unfamiliar with the size and nature of the genuine firm, the “firm’s website” as it appeared at the URL mentioned on the fax could certainly appear genuine. (Screenshots of the bogus and real websites appear below – note the warning now appearing on the real website.)
But the fax was not sent by the lawyer who ostensibly signed it, nor by anyone else at the genuine law firm – it was sent by a criminal, and the phone numbers and email addresses on the fax direct would-be victims to the criminal, not to any legitimate attorney. Likewise, anyone who contacts the firm using any of the contact information on the bogus website may be in for a terrible surprise.
Ironically, the bogus website brags on its homepage about the firm providing services for over 20 years – but resides on a domain registered last week. (I have contacted the domain registrar, and the legitimate law firm has informed me that it is coordinating with the relevant law enforcement agencies.)
This incident is a reminder both that if something sounds too good to be true, it probably is, and that criminals are constantly improving their craft; scammers can sometimes mimic legitimate parties quite well. So, stay vigilant. And, if you need to verify that someone actually sent you a message, contact that person using a pre-known method of communication – not using any email addresses, website URLs, or phone numbers contained in the questioned communication.