“Retainer deposit” phishing emails target firms with a PDF containing a link to malware
A number of Ontario firms have reported receiving emails, apparently from an overseas firm, advising that a retainer deposit has been made. The emails include a PDF document that supposedly contains the payment details. In fact, the PDF has a link built into it that will likely install malware on the computer of the person who clicks it.
Checking the link you are asked to go to is one of the best ways to confirm that a message is a phishing scam. Place your mouse over the link you are asked to go to (but don’t click on it!) and look at the status bar in your browser window (usually at the lower left). It will show you the URL of the link. In this case, the link appears to go to a Brazilian site (it has a .br suffix). Also, the firm referred to in the email is a real firm, but the domain in the email address is not the one they use.
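The two checks described above (where the PDF link really goes, and whether the sender's domain is the one the named firm uses) can also be done without opening the attachment. The following Python is an added example, not part of the original post; the addresses, domains and PDF bytes are constructed, and it assumes the link is stored in the PDF as an uncompressed /URI action.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Link actions stored uncompressed in a PDF look like: /URI (http://host/path)
URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")

def pdf_link_hosts(pdf_bytes):
    """Hostnames of /URI link actions found in raw PDF bytes (the file is never rendered)."""
    hosts = []
    for match in URI_RE.finditer(pdf_bytes):
        # Undo PDF string escapes such as \( and \) before parsing the URL.
        url = re.sub(rb"\\(.)", rb"\1", match.group(1)).decode("latin-1")
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def in_domain(host, domain):
    """True if host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)

def triage(raw_email, pdf_bytes, firm_domain):
    """List mismatches between the message and the domain the named firm really uses."""
    sender = parseaddr(message_from_string(raw_email).get("From", ""))[1]
    sender_domain = sender.rpartition("@")[2].lower()
    findings = []
    if not in_domain(sender_domain, firm_domain):
        findings.append(f"sender domain {sender_domain} is not {firm_domain}")
    for host in pdf_link_hosts(pdf_bytes):
        if not in_domain(host, firm_domain):
            findings.append(f"PDF link goes to {host}")
    return findings

# Constructed sample data (reserved example domains, not taken from the real message).
SAMPLE_EMAIL = (
    'From: "Example Firm LLP" <accounts@example.net>\n'
    "Subject: Retainer\n\n"
    "Please find enclosed payment confirmation.\n"
)
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Annot /Subtype /Link\n"
    b"   /A << /S /URI /URI (http://files.example.org/swift.html) >> >>\nendobj\n"
)

if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL, SAMPLE_PDF, "examplefirm.example"):
        print(finding)
```

Links held inside compressed object streams are not visible to this byte scan, so an empty result does not show that a PDF has no links.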
Here is an example of the email received, and what the attachment looks like.
From: David Lim & Partners LLP [mailto:email@example.com]
Sent: February 27, 2017 10:27 AM
To:
Subject: Retainer
Please find enclosed payment confirmation for retainer deposit made to your company account on behalf of our client to your receiving bank dated 27/02/2017
NB: Confirm remittance on attached swift copy and advice accordingly.
Thank you in advance for your humble co-operation,
David Lim & Partners LLP
50 Raffles Place #17-01
Singapore Land Tower
Tel No.: +65 6744 0564/ +65 6744 0034
Fax No.: +65 6744 0546
For more information on how phishing scams work, see “Don’t take the bait on a phishing scam” from the December 2013 issue of LAWPRO Magazine.