Wednesday March 24, 2010 11:00 A.M. EST
Please be advised that a fraudulent e-mail alleging a copyright infringement suit is still being circulated. Although some details may have changed from the earlier version, the e-mail is completely fraudulent and should be deleted immediately. We continue to take all steps possible to investigate and prosecute this matter with the appropriate authorities. It is not necessary to forward the email to our firm at this time. Thank you for your continued support and understanding.
Tuesday March 16, 2010
10:00 A.M. EST
Dear Friends and Colleagues:
As many of you are probably aware by now, Crosby & Higgins LLP has become the latest victim in what is now an urgent problem in internet security—a “phishing e-mail scam.” Millions of these phishing e-mails are sent every day pretending to come from reputable firms when in fact they have nothing to do with them. Unfortunately, there is no way for any of these firms to prevent fraudulent e-mails from masquerading as communications from legitimate businesses. What happened in this instance is that some individual or organization created a fraudulent phishing e-mail purporting to be from an attorney at the firm, and “advising” the recipient that they have been sued for copyright infringement. Although the e-mail contains numerous signs of being fraudulent, it appears just authentic enough to cause alarm for its recipients. Worse, the e-mail includes an attachment infected with a malicious “Trojan Horse” virus which we understand was successfully intercepted by many antivirus software programs.
Like hundreds of other innocent firms that have been victimized by phishing e-mails, Crosby Higgins LLP deeply regrets any inconvenience this may have caused. Please be assured that we are doing everything we can to spread the word and take the fight back to those responsible for this malicious act:
When the first inquiries were received Friday evening March 12, we immediately began investigating and quickly confirmed that the fraudulent e-mail had nothing to do with us and was not being sent from servers hosting the firm’s e-mail and website.
By Saturday morning March 13, we posted a “fraudulent e-mail alert” on our website and immediately filed a report with The United States Computer Emergency Readiness Team—a partnership between the Department of Homeland Security and the public and private sectors to protect the nation’s internet infrastructure and respond to cyber attacks across the nation. As well, we began monitoring internet blogs and internet postings and actively worked to spread the word that the e-mail was fraudulent. We also began immediately responding to e-mail inquiries to our firm over the weekend from concerned recipients.
On Monday morning March 15, the e-mail began spreading throughout the internet and by mid-afternoon was circulating around the world. Through the course of the day, our firm responded to hundreds of phone calls and e-mails and replaced our website with a page dedicated to the fraud alert. We consulted with numerous IT specialists to better understand the origin of the e-mail as well as the nature of the virus that was infected in the attachment.
On Monday afternoon March 15, we communicated with the Federal Bureau of Investigation and the New York City Police Department Computer Crime Desk and filed a report with the Internet Crime Complaint Center, a joint partnership between the FBI, the National White Collar Crime Center and the Bureau of Justice Assistance. The IC3’s mission is to serve as a vehicle to receive, develop, and refer criminal complaints regarding the rapidly expanding area of cyber crime.
Thankfully, it appears that the effort described above, along with the incredible outpouring of support from friends and strangers alike, has gone a long way towards blunting the impact of this event. We are optimistic that in the coming days, this latest “phishing scam” will run its course. What will not soon pass, however, is our determination to see that phishing e-mail scams get the attention and response they deserve from industry and government alike. Electronic communications are far too central to allow a small group of cyber terrorists to disrupt business operations, harm reputations, and destabilize the communications network that all of us have helped to build. In our view, there must be a decisive, concerted effort, to put an end to this, and we hope that our experience can add another voice in the fight to improve internet security.
In the meantime, Crosby & Higgins LLP will continue serving its clients with the all of the passion, skill, and integrity that our firm works so hard to deliver every day. We are grateful for the tremendous amount of support that we have received from our clients, from the legal community, and from the public at large, and look forward to getting back to the business of what we do best—fighting for our clients.
With Many Thanks,
Todd A. Higgins, Esq.
Crosby & Higgins LLP
350 Broadway Suite 300
New York, N.Y. 10013