Fact Check

Court Notice Scam

Scam: Malicious code is loaded onto computers via the e-mailing of fraudulent court appearance notices.

Published March 28, 2014

Claim:

Scam:   Malicious code is loaded onto computers via the e-mailing of fraudulent court appearance notices.


Examples:


[Collected via e-mail, March 2014]

Notice of appearance,

Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of Ontario in April 18, 2014 at 09:45 am.

You are kindly asked to prepare and bring the documents relating to the case to court on the specified date.

The copy of the court notice is attached to this letter. Please, read it thoroughly. Note: The case may be heard by the judge in your absence if you do not come.

Yours truly,
MCLEAN POWERS
Clerk to the Court.
 


[Collected via e-mail, February 2014]

Eviction notification,

You are hereby given notice that you are in breach of your tenancy of the premises you currently occupy.

To remedy the breach you have to quit the premises within the following four weeks.

If you fail to comply you will be physically removed and fined for up to 100 minimum monthly wages.

Detailed information is attached herewith.

Court secretary,
BROWNING Mccray


 

Origins:   Our first sighting of this scam came in December 2013, and since then it has reappeared in inboxes across the globe numerous times. Those running the fraud are using a template to generate fake notices about court hearings, eviction notices, and warrants to appear, merely slotting in different cities, dates, times, and fake names of the purported signatory:



Hereby you are notified that you have been scheduled to appear for your hearing that will take place in the court of [city] in [date] at [time].

You are kindly asked to prepare and bring the documents relating to the case to court on the specified date.

The copy of the court notice is attached to this letter. Please, read it thoroughly. Note: The case may be heard by the judge in your absence if you do not come.

Yours truly,
[name]
Clerk to the Court.


Slicker versions use the names of legitimate law firms and more professional-appearing graphic presentations:

The purpose of the con is to provoke the unwary into attempting to determine the nature of the referenced legal matter by clicking on or downloading the attached "copy of the court notice" mentioned in the e-mail. In either case, those who fall for the trick will view what appear to be court documents, but in the

background, unbeknownst to them, malware will be simultaneously loaded onto their computers.

The malware initially being loaded by this scam was Kuluoz, a nasty piece of work that installed FAKEAV, another bit of malware. FAKEAV flashed false security alerts that lured victims into purchasing fake antivirus software, then connected to its affiliate network to download SIREFEF/ZACCESS and TSPY_PAPRAS variants. SIREFEF is a malware known for its rootkit capabilities, while TSPY_PAPRAS sniffs for passwords in network packets and sends them to a remote site.

The bottom line? Don't click on attachments in scary-sounding e-mails lest you open your computer to crooks who will access all your personal information, such as passwords, credit card numbers, and bank account details.

Barbara "don't 'court' danger" Mikkelson

Last updated:   8 January 2015