The Florida Bar warns its members about more fraudulent emails that are being distributed: one with the subject “Florida Bar Complaint - Attorney Consumer Assistance Program,” another “Florida Bar Notification,” and the latest “Lawyers and judges may now communicate through the portal.”
Do not click on any links contained within the emails and delete them immediately. It is suspected that these emails contain links to malicious software.
The “Florida Bar Complaint” fraudulent email bears the name of Bar President-elect William J. Schifino, Jr., on behalf of the Attorney Consumer Assistance Program (ACAP), and it informs members that a complaint has been filed against their law practice. If you have any questions about Bar complaints, call ACAP at 866-352-0707. If a Bar complaint has been filed against a member, the Bar will not initiate contact with that member via email.
Another email bears the name of a Board of Governors’ member and says The Florida Bar “fees and payment schedule has changed.” It also refers to adding a new “Virtual Business Card System” and asks members to review the information and provide the most current information available. This email should be deleted and the links to the attached PDF files should not be used.
The latest scam email with “Lawyers and judges may now communicate through the portal” in the subject line uses information reported in a June 1 News article. The email asks the recipient to “test the portal and give feedback.” There is a link to supposed instructions that is most likely malware or ransomware. The email is signed "The Florida Bar."
The Florida Bar’s computer system has not been hacked; it appears that deceitful individuals are using members’ email addresses for malicious purposes. The Bar is asking its members to exercise caution and common sense when opening emails from unknown senders.
Members can report any suspicious email they receive to [email protected].
For tips on protecting your computer from malware, visit the Practice Resource Institute webpage at www.floridabar.org/PRI.
Earlier this month, fraudulent emails with “Florida Bar Association Past Due Invoice” in the subject line began showing up in members’ email accounts. Again, do not click on it, do not click on its links, and delete it immediately. It is addressed to “Dear Attorney” and is purportedly from Bar President Ramón Abadin about taking care of “membership dues that are past due.”
But it is totally bogus and could take over your computer and destroy your files unless you pay a “ransom,” said Brandon Gonzalez, the Bar’s IT operations manager.
If you have questions about your fees or contact information, call Membership Records at (850) 561-5832 or 800-342-8060, ext. 5832.
“From what we have been able to determine so far, it is the payload, and the email included what’s called ransomware. CryptoLocker is probably something people are more familiar with,” Gonzalez explained. “Ransomware essentially installs itself on your computer and starts encrypting your files, and then it notifies you after it’s encrypted your files and says, ‘Hey, we’ve got your system. Please pay us X number of dollars, and we’ll give you the key to unlock all of your files.’ That’s the end game for them.”
Gonzalez said he’s dealt with CryptoLocker in the past and put in measures to try to prevent repercussions. This malicious email started to make changes to the Bar employee’s local file system, but Gonzalez said he was able to catch it in time, pull it off the network, and give the employee a new PC to use.
Asked what Florida Bar members should do if they mistakenly click on these emails, Gonzalez said: “It’s tough to say, and the reason why is that there are a lot of variants of this CryptoLocker. Some are well known and some are new. They change, and there are several iterations. Due to that, they can all have different behaviors. They can install themselves in different areas of the system.”
Without actually looking at it on someone’s computer and “analyzing the behavior of that particular flavor,” Gonzalez said, “it’s difficult to make any assumptions for them.”
But Gonzalez “definitely advises them to seek some type of IT support. Hopefully, they have backups of their files, if it has encrypted them and if it has changed the files themselves. The best way to do it is to wipe that system clean and reload those files.”
How can you tell if this malicious email has taken over your files?
“A lot of times you don’t know until it’s gone through,” Gonzalez said. “You can have file name changes, so if you go into your C drive and try to open up one of your files, it can be renamed something differently. You start seeing a lot of different files renamed unexpectedly. That’s a sign right there.”
Often with phishing attempts, he said, a word in the subject line is misspelled or there are other oddities.
How many Florida Bar members received the malicious emails is impossible to determine, Gonzalez said.
“Without it being sent through our server specifically, I can’t track who it went to.”
The Bar is also reporting these emails to US-CERT, which collects phishing email messages and website locations so that they can help people avoid becoming victims of phishing scams; the Federal Trade Commission; the FBI – Internet Crime Complaint Center; and an Anti-Phishing Working Group, which includes internet service providers, security vendors, financial institutions, and law enforcement agencies.