Be on guard, cyber pirates may be lurking
LegalFuel — The Practice Resource Center of The Florida Bar, has resources available on its website to help lawyers recognize and avoid becoming victims of scams
Spoofing and phishing. It’s an old play for those who would separate lawyers from their money. But those who ply this fraudulent trade are always working to up their game.
A Jacksonville lawyer recently came close to becoming a victim of some of these nefarious cyber pirates, but quick action and a personal relationship with his bankers warded off this latest attempt to swindle, and he is now sounding the alarm to his colleagues in the Bar to stay vigilant.
“Luckily, we averted any kind of problem,” he said.
The News agreed not to name the lawyer so the story can serve as a warning.
The fraudsters, operating out of South Africa, purchased a domain name only one letter off from the one used by the small Jacksonville firm and then set up an email address that mirrored the firm’s look right down to the managing partner’s signature line.
The lawyer and his IT consultants believe the charlatans also at one point hacked into the firm’s network and obtained the names and contact information for the firm’s clients and began sending emails “asking them to confirm changes and contact numbers and provide the last digits of account numbers.”
The con artists also emailed the firm’s bank in an attempt to change the contact information for the firm and asked the bank to confirm wire transfer information for the firm’s trust account. After some interaction — and providing some sensitive information to the scammers — the bank finally became suspicious and called the lawyer.
“I have a great relationship with the bank and that’s the first thing I wanted to say — the reason they did not get anything was because the bank knows that only I can initiate changes, and I would not do that through email,” the lawyer said.
Upon learning of the phishing expedition at the bank, the lawyer immediately closed the existing trust account, opened a new one, and contacted all his clients “saying if you see anything fishy. . . don’t answer, don’t respond, and call me or my paralegal if there are any questions.”
He also reported the incident to the Cyber Division of the FBI and had his IT company contact the domain registry service to report the address the scammer registered was being used for fraudulent purposes.
The firm has also instituted a two-step authentication method on all its accounts.
“We are all at risk,” he said. “These people are savvy as hell.”
LegalFuel — The Practice Resource Center of The Florida Bar, has additional resources available on its website to help lawyers recognize and avoid becoming victims of a scam.
