Beware: A phishing scam that started today appears to be targeted at customers of a legal technology consulting and development company.

The email, which purports to come from a California company, Legal Soft Solutions, tells recipients that their payment failed to process and that they must update their payment method.

One obvious red flag in the email is that it refers to an order placed through Amazon. Not sure I’ve ever seen anyone buy legal tech consulting services through Amazon.

The email spoofs a legitimate email address used by the company to send marketing emails. In fact, when I searched my own inbox, I founder legitimate emails from that company using that email address.

Of course, that is how phishing scams lure you in.

My Chrome browser warned me I was heading for trouble.

Out of curiosity, I clicked the link in the email, “Update your payment method.” My Chrome browser blocked the page from loading, warning me that it was a deceptive site that may try to trick me into providing personal information.

The site asked for my email and password, so I made them up.

I elected to proceed to the site anyway. I logged in using a made-up email address and password.

I came to a spoofed Amazon page at a URL that had no relation to either the legal tech company or Amazon. A pop-up asked me to update my personal information, warning me that I would not be able to access my account until I did.

The spoofed Amazon page asked me to update my personal information.

At that point, I decided to quit while I was ahead and closed out of the window.

I called Legal Soft Solutions to let them know about the scam. The man who answered the phone said he was well aware of it, because he had been fielding calls and emails about it all morning.

He assured me that his company had nothing to do with it and that no one had hacked the company to obtain its mailing list. He said that the company had notified law enforcement.

Remember: Whenever an email has something about it that doesn’t look quite right, don’t do what it asks. Pay attention to anything off about the sender or the email address.

And also look carefully at the link it asks you to click on. Sometimes a legitimate URL can be spoofed with just a character or two difference.

 

Photo of Bob Ambrogi Bob Ambrogi

Bob is a lawyer, veteran legal journalist, and award-winning blogger and podcaster. In 2011, he was named to the inaugural Fastcase 50, honoring “the law’s smartest, most courageous innovators, techies, visionaries and leaders.” Earlier in his career, he was editor-in-chief of several legal publications, including The National Law Journal, and editorial director of ALM’s Litigation Services Division.