Recently, the WSBA has received several reports of scams either “spoofing” (pretending to be, or be from attorneys) or targeting attorneys. Some scams use an attorney’s or firm’s identity to extort money from victims, while others are sending ransomware directly to the attorneys.
Common scams affecting lawyers
WSBA members have reported that someone used their law firm’s name to make threatening calls demanding money to persons the lawyer has no connection with. The bogus callers identified themselves using actual names of people who work at the firms and threatened to arrest the victims, put them jail, and sue them if they did not make an immediate payment.
Other members have reported that someone forged their letterhead and individual signatures to make demands. In one case the perpetrator threatened deportation of the recipient if payment was not received.
In another tack, victims in at least four states (California, Nevada, Georgia, and Florida) were hit with ransomware email claiming to be from the state bar’s disciplinary offices. Ransomware is malicious software that encrypts and freezes data. It infiltrates a computer system by appearing to be an attachment or link inside an innocuous email. Ransom-ware perpetrators demand a fee for unencrypting the targeted data. Below is the email targeting California attorneys. It directed attorneys to click on a link regarding a supposed complaint filed against the law practice.
How you can protect yourself
If you receive such an email appearing to be from the WSBA, do not open it and delete it immediately. The WSBA will only contact attorneys regarding new grievances by mailed letters.
If an attorney is targeted in a scam, it is entirely appropriate to contact and cooperate with the police. Ransomware victims also are encouraged to immediately contact their local FBI field office as well as the FBI’s Internet Crime Complaint Center. The FBI issued a public service announcement in June 2015, offering tips for avoiding ransomware schemes. Implementing an awareness and training program, ensuring anti-virus and anti-malware solutions are automatically updated, and regularly backing up data can help prevent a ransomware attack.