A UD community member reported receiving a fake court notification that “reminded” them about a court date. It even provided some helpful documents to bring!
This phish earns the dubious honor of being one of the more well-written ones we’ve seen in a while. Apart from some interesting capitalization choices, the wording seems reasonable enough. The attachment name even references the title!
A closer inspection, however, reveals inconsistencies and warning signs. First, the “court” email comes from a non-government address (server.neleryaptik.com) that’s obvious cause for concern.
Second, the salutation doesn’t address the recipient by name. We know the government isn’t the most personable group out there, but they definitely know your name. It’s unlikely that you’d receive a generic email if it’s specifically to remind you about your court date.
Speaking of dates, the email claims that yours is on the 16th in an attempt to cause short-notice panic and get you to open the file.
The file itself is a .zip, which is a warning sign. Usually, official documents will be PDFs, and they probably won’t come as email attachments. You’ll probably have to sign in to a government Web site to view, verify, or download them. We checked the .zip out, and it contains a file ending in “.doc.js” rather than in .doc. This means that it’s a JavaScript file masquerading as a real .doc file in order to trick unwary users, and whatever code it contains would be executed when someone opens that file.
It’s important to inspect emails before opening any such attachments or clicking on any links. Even if something looks official at first, double check it to make sure it passes muster before you consider it trustworthy.