Courts around the country are circulating warnings about virus-bearing emails that purport to be notices of court hearings.
The messages, often dubbed a “notice to appear” or “warrant to appear,” are written as if they were sent by a court clerk and the subject line usually refers to a hearing and states a docket number.
Recipients are told of a warrant requiring that they appear in court at a certain time on a specified date for a hearing and must bring with them all documents and witnesses.
Some of the messages give a reason for the hearing—usually illegal software use—and many have return email addresses suggesting they were sent by prominent law firms, including Jones Day; Hogan Lovells; Latham & Watkins; Dechert; Perkins Coie; and Skadden Arps Slate Meagher & Flom.
The emails typically instruct recipients to open and read attachments that supposedly contain additional details. Anyone who clicks through is infected with malware that can steal passwords, download other malware and/or turn the receiving computer into part of a “botnet” that attacks other machines and systems.
The Administrative Office of the U.S. Courts sent out a “Public Alert” on Jan. 14, captioned “Scam Emails About Phony Court Cases Carry Computer Virus.” It cautioned: “Unless you are actively involved in a case in federal court and have consented to receive court notifications electronically, you generally will not be served with court documents, electronically.”
The USAOC advised that anyone who receives an email regarding a case or matter they know nothing about should contact the court before opening any attachments or clicking on any links.
Other federal courts, including the District of New Jersey, Eastern, Northern, Southern and Western Districts of New York, of New York, have linked to the USAOC notice.
Some state courts, including Georgia, Maryland and Nebraska, have also sounded the alarm.
USAOC spokesman Charles Hall says an alert was put out after at least three federal courts were implicated: the Eastern District of Louisiana, the Northern District of Georgia and the District of Columbia.
Hall notes that an oddity of the emails is that they do not specify which court is involved, giving only the location, such as “the court of Georgia.”
As a result, people do not know if the emails refer to state or federal court and have been calling both in the given locale to try to find out.
Another quirk is that the docket number in the subject line starts with “NR,” which is not used by any federal or state court.
In addition, courts don’t send out “cold emails,” in contrast to those that might arrive by way of PACER in connection with a known litigation matter,” says Hall. “If you’re opening an email and having to ask ‘what’s this about?,’ that should be a red flag.”
Tammy Kendig, a spokeswoman for the N.J. Administrative Office of the Courts, says she has heard of a few people in the state getting the bogus email but the instances are so isolated that no public warning has been issued. She says the AOC is monitoring the situation, however.
Kendig points out that when electronic notices are sent out as part of the e-filing system for Special Civil Part cases, they relate to a known case and go to an attorney who has signed up to receive them.
Scott Christie, a former assistant U.S. attorney who headed the District of New Jersey office’s Computer Hacking and Intellectual Property Section, calls the phony court emails the latest version of a trend to induce people to download malware or other harmful programs.
“The goal, of course, is to convince unsuspecting individuals that the subject matter is urgent and requires them to put aside their suspicion and access it immediately,” says Christie, now with McCarter & English in Newark, where he litigates information technology and data privacy cases.
A lawyer who falls for the scam might compromise his or her own personal data stored on the computer or laptop but client information would likely remain safe thanks to the current practice of not storing it on local hard drives but on a central network, Christie says.
Hogan Lovells, one of the law firms whose names were used in return email addresses, said: “There was an attempt to masquerade as Hogan Lovells, as well as several other prominent law firms, via an e-mail circulation. These messages did not originate from or pass through any Hogan Lovells system.”
Other scams that have prompted court warnings in recent years involved fake FBI and Department of Justice emails containing “ransomware” that locked computers and destroyed data unless money was paid. Still others involved “spear-phishing” messages that appeared to have court subpoenas attached.
Court have also warned potential jurors about being contacted by phone email or in person by people who pretend to be court personnel and ask for personal information such as birth dates, Social Security numbers and driver’s license numbers.