Whale phishing: commercial litigator attacked in a sophisticated phishing attack

A boutique commercial litigation law firm received a suspicious email that appeared to be a court order. Aware of the prevalence of phishing attacks targeting law firms, they asked Notion Digital Forensics for an opinion on the email. The goal was to determine the legitimacy of the email and assess potential risks to the firm’s sensitive information and financial assets.

Objectives

The primary objective of this case study was to analyze the suspicious email, identify any embedded malware or security threats, and provide recommendations to the law firm for mitigating risks associated with phishing attacks.

Approach

Notion Digital Forensics thoroughly examined the email and the attached PDF document. This analysis involved investigating the email’s metadata, the PDF’s structure and content, and running specialized tests to identify any hidden malware or keyloggers that could compromise the law firm’s security.

Results

The examination revealed that the PDF contained a keylogger, a malicious tool designed to record and transmit the user’s keystrokes, potentially allowing unauthorized access to sensitive information. The court order was skillfully crafted to appear legitimate, with content tailored to the law firm’s current activities. The PDF had not yet been identified by any commercial virus scanners, highlighting the sophistication of this phishing attack.

Conclusion

Notion Digital Forensics successfully identified a well-executed phishing attack against the commercial litigation law firm. The forensic analysis provided the firm with valuable insights into the nature of the threat, allowing them to take appropriate measures to protect their sensitive information and financial assets. This case study underscores the importance of vigilance and proactive security measures for law firms and other organizations that handle large sums of money and valuable information.