Online Scam Alert: Fake Attorney Emails
Hackers have been targeting people and organizations that are involved in lawsuits.
This recent rash of scams is focused on people involved in litigation, and uses deception to defraud them out of settlement funds. The targeted individuals are typically law firm employees, banks, and other third parties involved in the processing of settlement funds. Law firms’ clients are also receiving the fraudulent emails.
What to look out for:
Emails that claim to be from an attorney. If you work within a law firm, be cautious of any unusual email as your organizations are being specifically targeted.
Any email is suspect, but be particularly cautious of emails with links or attachments.
Always be vigilant when opening email attachments or clicking email links. NEVER click a link in an email unless you’re sure it is safe.
How the scam works:
- An employee at the law firm clicks on a phishing email link or opens an attachment.
- Malware infects the employee's computer and infiltrates their email account.
- The hacker monitors the account until they see emails about sending or receiving settlement funds.
- The hacker intercepts emails and uses spoofed email addresses to request settlement funds be deposited into their own account.
- The recipient of the spoof email wires the funds to the hacker's account believing it is going to the law office.
- The scam is only discovered after the law office says they did not receive the funds.
This phishing method has already cost law firms and other parties hundreds of thousands of dollars, so be alert! Don’t fall prey to this scam, as the compromised party may be legally responsible for paying back the stolen funds.
Follow these tips to help avoid phishing and wire fraud scams:
- Before wiring money, review the account details with the recipient over the phone. After you send the payment, confirm that the payment arrived.
- Do not accept changes to wiring instructions. Consider this a red flag and immediately call the recipient to inform them that someone is requesting the change.
- On email communications, particularly on ones dealing with wiring funds, examine the return email address and double check for any misspellings. Spoofed email addresses will usually look very similar to the legitimate email that they're imitating, often with a difference of one letter or symbol.
- Consider the details in emails and look for misspellings, poor grammar, and logos that look blurry or out of place.
- If you believe you fell for a wire fraud scam, contact the bank immediately to reverse the payment.
- You should also file a police report and submit a complaint with the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.
We highly recommend following these cybersecurity best practices:
- Scan your devices with anti-virus and anti-malware software on a weekly basis.
- Keep your operating systems and applications updated so that you don’t miss any security patches./li>
- Use multi-factor authentication on your email accounts. These typically allow one-time codes to be sent to the user’s phone.
- Adhere to proper password protocol. Use strong passwords and change them on a regular basis.
- Train your employees to watch for phishing emails. Do not click on attachments and links from senders you don't know. If someone on your network has already clicked a phishing email, put in a support request here.
If you would like additional protection from hackers, we can discuss our complete cybersecurity offering, which includes email security, ransomware protection, enterprise anti-virus/anti-malware protection, intrusion prevention, and 24/7 security monitoring. Contact us for more information, or use our website chat function to get the conversation started.