Bluetooth Users: Beware of Bluesnarfing!

Do you enable Bluetooth on your phone, tablet, or mobile devices? If the answer is yes, you might want to reconsider (like me)!

Yesterday, I was the unlucky receiver of a rare (but not unusual) cyberattack: an attack to phish data with enabled Bluetooth! Picture this: While in my car using Bluetooth listening to music on my iPhone (my Android phone’s Bluetooth was also enabled), I suddenly noticed something or someone trying to enter passwords to log in to my phones! At first, I thought I accidentally activated the login screen, but after a few minutes of studying what was going on, it was evident that someone was trying to access my phones’ data. I literally could see someone trying to enter a password on the login screen and then all of a sudden receive a failed attempt message (which also appeared on my screen). Whoever it was – kept doing it – untill I finally shut off the Bluetooth in my car, on the phones, and changed passwords.

After conducting some research, I discovered that cybercriminals within Bluetooth range are using Bluetooth as a tool to collect victim’s personal data, called Bluesnarfing. They do this through a piece of software that enables them to download photos, text messages, music, passwords, and even confidential information like your banking records.

These types of attacks happen more than people realize and too many are unaware. With the confidential data that passes through or is stored on lawyers’ devices, it is important that we all take precautionary measures. Regardless of which device you own, here are a couple of important tips to remember:

  1. Only use Bluetooth when absolutely necessary and only use public Wi-Fi with a reliable VPN. Turn Bluetooth and Wi-Fi off when you are not using them (althought it is always best not to use public Wi-Fi).
  2. Keep your device’s software, apps, and operating system up to date. Allow automatic updates by the maker. If there are apps or programs you are no longer using – properly delete them.
  3. If you can, regularly check the internet to see if there are any important security/privacy settings you should change (view these setting updates for iPhone/iPad users and these setting updates for Android phone/tablet users)
  4. Change passwords / passcodes on a regular basis. Remember security experts now say it is better to have a longer password than it is to have a complicated password. (Hint: Set passwords to favorite sentences, phrases, songs, movie lines, etc. that no one else would know – although sentences of random words you can remember work best.) If your phone does not allow you to change passcodes (numbers) to long passwords, regularly change and reset your passcode on a weekly basis (or everytime you active public Wi-Fi or Bluetooth) and make it longer than 4 digits.
  5. When safe, always keep your devices in plain view sight and within your hand’s reach.
  6. Avoid storing information like passwords, banking information, and highly sensitive data on your devices. Use a password vault instead.

Follow SC Bar PMAP for further updates and if you see any articles or blog posts on this issue elsewhere, please email me at eworley@scbar.org .

SCAM ALERT: Stay vigilant about email and firm security

One new twist on the scam pattern:

Residential closing firms have been recently victimized by a hacker getting into email communications with lenders, particularly out-of-state lenders, and changing wire transfer instructions from the firm account to a similarly named account at an out-of-state bank.

Lawyers in all practice areas are encouraged to inform their staff of potential scams and the dangers of opening suspicious email attachments, and to be wary of any changes in instruction from anyone outside your firm!

If you have questions, please contact the Bar’s Practice Management Assistance Program at pmap@scbar.org.

Questions about how to ethically handle your trust account in South Carolina?

For a quick answer, check out the handy Guide to Trust Accounting and Financial Recordkeeping in South Carolina. It has recently been updated, and you can read or download a copy here.

Don’t forget, you can also ask the Bar! Contact Jill Rothstein, Risk Management Director jrothstein@scbar.org or Nichole Davis, Risk Management Counsel ndavis@scbar.org.

The Practice Management Assistance Program (PMAP) is a free resource for Bar members. Go to our online content www.scbar.org/pmap or contact us at pmap@scbar.org.

Have you checked out the SC Bar Lending Library?

Are you looking for helpful hints to help you grow your practice?

Want to learn more about how to incorporate technology in your office?

Is it time to prepare for retirement?

The SC Bar Lending Library has over 170+ practice management and technology books available to bar members in good standing on these topics and more!

Bar members can check up to two books per a three-week period. If additional time is needed to finish reviewing the item(s), bar members may email the Lending Library Manager to request a three-week extension of time from the original due date. Material extensions of time are only granted if there is not a waiting list for that particular item.

To check out a book, bar members can visit the Lending Library located on the second floor of the South Carolina Bar at 950 Taylor Street, Columbia, SC. Out of town members who are unable to come in person may mail this checkout form with a $5 check for shipping/handling.

Learn more about the Lending Library here or check out the newest resources and overall inventory. Do you have questions about checking out a book or about the Lending Library, in general? Email eworley@scbar.org or pmap@scbar.org.

1 2 3 4 5 43