Nov 1 (Reuters) – International law firm Latham & Watkins has asked for a federal court order to stop unidentified cyber criminals from using domain names similar to its own to attempt to defraud clients and others.
In a lawsuit filed Tuesday in Alexandria, Virginia, federal court, Latham said scammers are using dozens of misleading domain names in emails impersonating Alexandra Bigot, a Paris-based Latham partner, hoping to dupe people into sending money to pay off falsified invoices.
The firm said at least 50 third parties were contacted in the scam. Latham asked the court to transfer the domain names to the firm.
A spokesperson for the firm declined to comment. Bigot did not immediately respond to a request for comment.
Latham owns the lw.com domain name. The scammers, Latham alleged, have registered domain names combining “lw” with a generic location name for France, like “fr” or “fra.” Scam emails sent from these “abusive domain names” included the partner’s name, the firm’s real address and website, and its trademark, Latham said.
Cyber criminals in recent years have used other prominent law firm names, including Debevoise & Plimpton and DLA Piper, for similar cyber scams. Debevoise in a December 2021 lawsuit said the owners of “debevoise-law.com” and “debevoise-laws.com” were sending emails using names of actual Debevoise attorneys as part of a phishing campaign.
Debevoise obtained a preliminary injunction days later and won a default judgment in August 2022.
Tech and information security news outlets reported in November 2022 that a group called Crimson Kingsnake began impersonating several international law firms, including Clifford Chance, Dentons and Kirkland & Ellis, in emails fraudulently seeking funds.
Latham’s lawsuit said it has contacted two companies that register domain names on the internet — Namecheap and Above — to ask them to disable and surrender the misleading domain names and identify who registered them, but it has not heard back from the companies.
David Warmuz, the CEO of Above, said he was not aware of the lawsuit and that the World Intellectual Property Organization is the most appropriate venue to lodge an initial claim over domain name abuses.
Richard Kirkendall, the CEO of Namecheap, did not immediately respond to a request for comment. Namecheap and Above are not named as defendants in the lawsuit.
Read more:
Debevoise fries phishers in cyberpiracy case. Take heed, law firms
Debevoise & Plimpton sues over phishing scheme using law firm’s name
Our Standards: The Thomson Reuters Trust Principles.
