Don’t click that link!
By Jan Pudlow
Cybercriminals are attacking Florida Bar members again.
This time, fraudulent emails that purport to come from The Florida Bar with random unidentified attachments are being distributed to Florida lawyers, and they are suspected of containing malicious software that can wreak havoc on your computer.
Jonathon Israel, director of the Bar’s Practice Resource Institute, advises members not to click on any links or attachments contained within these emails and to permanently delete them immediately. You should also notify your IT department as soon as possible.
That’s his advice in the latest fraudulent email alert that can be found at http://pri.floridabar.org/email-alerts. “Originally, it was ransomware, where people would click on a link and it would encrypt or lock up their files. And the only way to unlock them was to pay a ransom,” Israel said.
“Now, cyberterrorists are sending out emails that lock up your computer just to be mean. That’s how they get their kicks.”
Why mess with Florida lawyers, who must be a little smarter than your average audience?
“We are an easy target,” Israel said. “We have such a large membership, and they know the membership has to engage with The Florida Bar, because it is mandatory to be part of. Lawyers know they will get communications from the Bar. So we are an easy target to spoof these messages, and you have to make sure they are coming from the Bar.”
The cyberattackers also prey on people’s fear, Israel added.
“Oh, I didn’t pay my Bar fees,” the recipient may think when receiving a fraudulent email that may warn they won’t be able to practice law if they don’t pay what they owe.
Here are a few signs to look for to make sure an email from The Florida Bar is legitimate:
• The actual email address has the @floridabar.org extension. The latest fraudulent email indicated the sender email had a @t-online.de extension, not a real address.
• Another red flag in the fraudulent email is the link address doesn’t have anything to do with The Florida Bar. And there is no other way to get to the invoice other than the link. Real emailed invoices from The Florida Bar will include language that tells a recipient that they have to log in to the Member Portal in order to pay the amount due. There is also additional information, including the contact information (phone number and email address) for a member to use if they have a problem. Typically, you will not find actual contact information in a fraudulent email.
If you have questions about outstanding invoices or payments due, call the Bar’s Finance Department/Cash Receipts & Registrations at 1-800-342-8060, ext. 5831, or email [email protected].
If you have questions about annual fees, contact the Membership Records Department at 1-800-342-8060, ext. 5832, or email [email protected].
The Bar continues to provide members with the option to use checks for payment. If that is their preference, members can log into the portal, print their invoice, and mail in their payment. If you don’t want to log into the portal, contact the Finance Department/Cash Receipts and Registration, and an invoice will be mailed to you. (The Florida Bar plans to email a second notice to those who have not yet paid their annual Bar fees on August 28.)
Meanwhile, know that the folks at PRI stand ready to answer your questions about fraudulent emails and what to do if you clicked when you should have deleted.
“If they have any questions on what to look for in any suspicious emails and phishing emails, there are plenty of examples on our website on what to look for. And if they do click on a fraudulent email, there are things they can do to protect their files,” Israel said.
“We also have a daily security awareness tip they can subscribe to or follow us on Twitter and Facebook. If they have any questions, that’s what we’re here for.”
Contact Israel at 866-730-2020. Go to the website: http://pri.floridabar.org for more information, including live chat.