Phishing. Not Your Dad's Favorite Pastime
Phishing is a category of online scams. Cybercriminals use deceptive tactics to trick individuals into sharing sensitive information, such as usernames, passwords, credit card numbers, or other personal details. Often disguised as legitimate communications from trusted entities, phishing attacks exploit human vulnerability rather than relying solely on technical hacking skills. The schemes typically start with an email, text message, or social media post that appears to be from a reputable source like a bank, government agency, or popular service provider. These messages often use persuasive language, invoking urgency or fear to compel immediate action.
Types of Phishing
Email Phishing. Cybercriminals send mass emails designed to appear legitimate, often addressing the recipient with vague greetings like "Dear Customer."
To avoid being a victim, be cautious of messages with urgent or threatening language. Check the sender's email address for discrepancies. Fraudsters often use addresses that resemble legitimate ones but with subtle differences (e.g., support@amzon-service.com).
Spear Phishing. A more targeted attack, where scammers gather personal information to create a convincing, tailored message.
To avoid being a victim, watch out for suspicious links, and do not click them. Hover over links to preview the URL before clicking. Look for misspellings or unfamiliar domains in the URL.
Smishing. Phishing with SMS text messages.
To avoid being a victim, a
Vishing. Voice phishing, where attackers use phone calls to solicit sensitive details.
To avoid being a victim, verify claims from unknown callers. If a caller claims to be from a bank or service, contact the organization directly using official contact methods.
Clone Phishing. Replicating legitimate emails but swapping links or attachments with malicious ones.
To avoid being a victim, enable two-factor authentication to add an extra layer of security to your accounts by requiring a second verification step, such as a code sent to your phone. Regularly update your operating system, antivirus software, and web browsers to protect against vulnerabilities.
The fallout of a phishing attack can be devastating, leading to identity theft, financial loss, and unauthorized access to personal or professional accounts. Businesses may face data breaches, reputational harm, and regulatory fines. Stay informed about new phishing tactics and share this knowledge with friends and colleagues. Install browser extensions or email filters that detect and block phishing attempts. If you suspect phishing, report it to your email provider, company IT team, or a relevant authority like the Federal Trade Commission (FTC).
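The sender-address and link checks recommended above under Email Phishing and Spear Phishing are the kind of test an email filter can automate. The Python below is an added example, not part of the original page and not a WSBA or FTC tool; the TRUSTED list, the function names and the sample message are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the recipient really deals with (constructed list).
TRUSTED = ("amazon.com", "ftc.gov")

def edit_distance(a, b):  # Levenshtein distance between two strings
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    domain = domain.lower().rstrip(".")
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    for trusted in TRUSTED:
        brand = trusted.split(".")[0]
        if edit_distance(domain, trusted) <= 2:
            return trusted  # near miss on the whole name, e.g. amazon.co
        for label in domain.replace("-", ".").split("."):
            # Brand reused, or one typo away (long brands only), in an unlisted domain.
            if label == brand or (len(brand) > 4 and edit_distance(label, brand) == 1):
                return trusted
    return None

def host_of(url):  # lower-cased hostname of a URL or a bare "host/path" string
    return (urlsplit(url if "//" in url else "//" + url).hostname or "").lower()

def check_message(from_header, links):
    """links: (visible text, href) pairs. Returns a list of warnings."""
    sender = parseaddr(from_header)[1].rsplit("@", 1)[-1]
    hit = lookalike_of(sender)
    findings = [f"sender domain {sender} resembles {hit}"] if hit else []
    for text, href in links:
        target = host_of(href)
        if lookalike_of(target):
            findings.append(f"link host {target} resembles {lookalike_of(target)}")
        shown = host_of(text) if "." in text and " " not in text else ""
        if shown and shown != target:
            findings.append(f"link text shows {shown} but opens {target}")
    return findings

# Constructed sample using the look-alike address quoted on this page.
SAMPLE = ("Amazon <support@amzon-service.com>",
          [("www.amazon.com/orders", "http://amzon-service.com/login")])
```

Calling check_message(*SAMPLE) returns three warnings: the sender domain and the link host both resemble amazon.com, and the link text shows a different host from the one it opens. Any domain that reuses a trusted name but is not on the list is flagged for review, so the list has to contain every domain the recipient legitimately uses.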
New FTC Tool Designed to Protect Consumers
The Federal Trade Commission (FTC) in October 2020 launched ReportFraud.FTC.gov, a new consumer-friendly fraud-reporting portal that aims to better protect consumers by identifying and foiling new scams sooner. Consumers can report anything from government imposter scams to phony weight-loss claims, abusive debt collection, and deceptive auto sales, along with all sorts of unwanted phone calls, text messages, and emails. And the FTC wants to hear about them all. Read more about the new tool on WSBA's NWSidebar blog.
Reported Fraud Schemes Affecting the Public and Legal Profession
As a service to our members and the public, the WSBA provides information about reported scams targeting lawyers, legal service providers and legal services consumers. The Bar does not have authority to investigate these scams. Fraud schemes may be reported to the Washington State Attorney General's Office, the Internet Crime Complaint Center (IC3), or the Federal Trade Commission.
Fake Lawyer Discipline Complaints
Targeted population: Lawyers in several states
What to expect: Email pretending to be from state bar with link or attachment asking lawyer to respond to a complaint. Link is ransomware and may make all data on the computer inaccessible or compromise client data until a fee is paid.
Tax Software Update Phishing Scam
Targeted population: Tax Professionals
What to expect: Emails sent to tax professionals pretending to be from tax software company. Emails offer link to "software update," but the link actually installs a keystroke tracker.
Real Estate Wire Instructions Scams
Targeted population: Lawyers and others holding real estate transaction funds
What to expect: Email with last-minute change in escrow funds wiring instructions. Email appears to be from a person legitimately involved in the transaction, but is actually from a hacked email account. The money could be wired to the hacker's bank account.
Jury Duty Scam
Targeted population: Lawyers and public nationwide
What to expect: Email with link or attachment or phone message demanding payment or personal information to quash an arrest warrant issued for failure to appear for jury duty.
Court Appearance Data Scam
Targeted population: Lawyers and public nationwide
What to expect: Email with subject line "Urgent court notice NR#73230" (or another random number), attaching a fake hearing notice. If you open the attachment, it may download a virus to your computer.
Counterfeit Check Scam (IOLTA)
Targeted population: Lawyers
What to expect: Prospective client contacts lawyer, often for debt collection matter. Lawyer receives what appears to be valid cashier’s check from reputable bank — supposedly settlement funds from the debtor (often a real company). Or the client sends a check for more than the agreed fee. After the lawyer deposits the check, the client asks the lawyer to wire the funds, less the fee, (or refund the overpayment) to a foreign bank. The lawyer wires the funds and then learns the cashier’s check was fraudulent.
More information:
Check Fraud Scams: Be Alert to Phishing — How Not to Fall Prey
Anatomy of a Fraud from The Lawyerist
Email Scams and Lawyer Trust Accounts from ARDC
Washington State Supreme Court Clerk Scam
Targeted Population: Washington Residents with Hispanic Last Names
What to Expect: Phone call demanding money and threatening arrest. Callers pose as the Washington State Supreme Court Clerk. The Supreme Court will never threaten people with arrest or demand payment.
More Information (This article courtesy of Washington State Office of the Attorney General)
Severance Checks
Targeted Population: Lawyers
What to Expect: A prospective client sends an e-mail claiming to be a former employee of a real company who has not received a severance check. The email to the lawyer may contain attachments that could include an employment letter, termination letter, severance agreement, and an email string discussing payment of severance. The reported scams have been virtually identical, with different severance amounts. This scam is currently active during the COVID-19 emergency.
More Information:
Evolving Scams: Don't Let Your Guard Down (This article courtesy of the Oregon State Bar Professional Liability Fund)
Scammers Target Labor Lawyers (This article courtesy of the Florida Bar)
Ransomware Attacks
Targeted Population: Law Firms
What to Expect: Hackers send e-mails containing attachments that contain "ransomware." Details of the e-mails are unknown. Hackers have stolen data, threatened to release the data unless paid, and published the data on the internet.
More Information: Ransomware Attacks Hit Three Law Firms in Last 24 Hours (This article courtesy of Robert J. Ambrogi)