Posts published in “Scams”

How to Prevent Scams from Quickly Happening to your Firm

When it comes to scams, experts say, it is not a matter of IF a law firm will be targeted but WHEN. Law firm data is some of the most coveted and confidential hidden treasure in the world. Hackers and scammers know data is a precious resource... so, as a law firm, you are their big red target.

What are some ways you can better prepare your solo, small, medium, or large firm for some of the wackiest, craziest, and most disguised scams? Check out our 20 tips below.

20 Tips for Law Firms on How to Educate and Prevent Scams

1.      Follow the FTC website and US-CERT for privacy, identity, and online security updates.

2.      Hire certified professionals to support/update your computer hardware and software.

3.      Update anti-virus/security software on a regular basis. This is especially important with ransomware like WannaCry and a cyberthreat called Petya roaming the internet.

4.      Make sure your pop-up filter is up-to-date (comes with most security software).

5.      Always check links before clicking on them. Look for misspellings or other irregularities. Hover over the link before you click on it.

6.      Always make sure site URLs indicate HTTPS before using them.

7.      Email messages from friends or from companies you trust require scrutiny. Treat emails, links, and attachments with suspicion. Call to verify that entity/friend sent it to you.

8.      Don’t follow links in bank emails, etc. Instead use your browser to enter the URL.

9.      Never use public Wi-Fi or hotspots. Be careful with private Wi-Fi connections whose security measures you are not sure of.

10. Contact hardware/software companies directly for assistance. Do not trust companies that initiate the contact and call you.

11. Never allow a “company” (no matter who) to perform a “free security scan”.

12. If you get a call from a company or someone claiming to be tech support, hang up.

13. If you get a pop-up message that tells you to call tech support, ignore it.

14. If your computer brings up a concern you are not sure about, call your security software company directly but do not use the phone number in the pop-up or on caller ID. Instead, look for the company’s contact information online or on a software package or your receipt.

15. Never share your passwords or give control of your computer to anyone who contacts you.

16. Change any passwords that you share with someone. Assign unique passphrases to every online account.

17. If you pay for bogus services with a credit card, call the credit card company directly and ask them to reverse the charges.

18. Watch for unauthorized charges to your accounts. Also, watch for unauthorized activity on your computers.

19. Never reveal personal or financial information in emails or text messages.

20. Report scams to www.ftc.gov/complaint. Report computer security incidents to US-CERT https://www.us-cert.gov/forms/report and the FBI Internet Crime Complaint Center https://www.ic3.gov/default.aspx.

P.S. If you've been impacted by a scam or technical attack that your fellow Bar members should know about, please share your experience with us by emailing pmap@scbar.org.

Bluetooth Users: Beware of Bluesnarfing!

Do you enable Bluetooth on your phone, tablet, or mobile devices? If the answer is yes, you might want to reconsider (like me)!

Yesterday, I was the unlucky receiver of a rare (but not unusual) cyberattack: an attack to phish data with enabled Bluetooth! Picture this: While in my car using Bluetooth listening to music on my iPhone (my Android phone's Bluetooth was also enabled), I suddenly noticed something or someone trying to enter passwords to log in to my phones! At first, I thought I accidentally activated the login screen, but after a few minutes of studying what was going on, it was evident that someone was trying to access my phones’ data. I literally could see someone trying to enter a password on the login screen and then all of a sudden receive a failed attempt message (which also appeared on my screen). Whoever it was – kept doing it – until I finally shut off the Bluetooth in my car, on the phones, and changed passwords.

After conducting some research, I discovered that cybercriminals within Bluetooth range are using Bluetooth as a tool to collect victims' personal data, a practice called Bluesnarfing. They do this through a piece of software that enables them to download photos, text messages, music, passwords, and even confidential information like your banking records.

These types of attacks happen more than people realize and too many are unaware. With the confidential data that passes through or is stored on lawyers' devices, it is important that we all take precautionary measures. Regardless of which device you own, here are a couple of important tips to remember:

  1. Only use Bluetooth when absolutely necessary and only use public Wi-Fi with a reliable VPN. Turn Bluetooth and Wi-Fi off when you are not using them (although it is always best not to use public Wi-Fi).
  2. Keep your device's software, apps, and operating system up to date. Allow automatic updates by the maker. If there are apps or programs you are no longer using - properly delete them.
  3. If you can, regularly check the internet to see if there are any important security/privacy settings you should change (view these setting updates for iPhone/iPad users and these setting updates for Android phone/tablet users)
  4. Change passwords / passcodes on a regular basis. Remember security experts now say it is better to have a longer password than it is to have a complicated password. (Hint: Set passwords to favorite sentences, phrases, songs, movie lines, etc. that no one else would know - although sentences of random words you can remember work best.) If your phone does not allow you to change passcodes (numbers) to long passwords, regularly change and reset your passcode on a weekly basis (or every time you activate public Wi-Fi or Bluetooth) and make it longer than 4 digits.
  5. When safe, always keep your devices in plain sight and within your hand’s reach.
  6. Avoid storing information like passwords, banking information, and highly sensitive data on your devices. Use a password vault instead.

Follow SC Bar PMAP for further updates and if you see any articles or blog posts on this issue elsewhere, please email me at eworley@scbar.org.

SCAM ALERT: Stay vigilant about email and firm security

One new twist on the scam pattern:

Residential closing firms have been recently victimized by a hacker getting into email communications with lenders, particularly out-of-state lenders, and changing wire transfer instructions from the firm account to a similarly named account at an out-of-state bank.

Lawyers in all practice areas are encouraged to inform their staff of potential scams and the dangers of opening suspicious email attachments, and to be wary of any changes in instruction from anyone outside your firm!

If you have questions, please contact the Bar's Practice Management Assistance Program at pmap@scbar.org.

Watch Out! Scammers Targeting Lawyers Through Phishing, Fraud & Other Scams

It seems no matter where legal professionals turn these days, there always is a scam to be on the lookout for!

Below are two scams that have been reported to the Bar.  If you have any questions about these scams, please contact pmap@scbar.org.

Alert: Phishing emails targeting lawyers

SC Bar members are cautioned to be aware of emails indicating that a complaint has been made against the lawyer or firm or that they contain a special message from the Bar president. Such emails are not coming from the Bar and are an attempt to phish members. Phishing emails are fraudulent emails that may contain links to phony websites or may request that you share personal or financial information by using a variety of techniques. Look for clues, including a suspicious “from” email address. The email may include directions to click on a link, which purports to be a copy of the complaint or of the “special message.” Do not click this link, as it could be an attempt to put ransomware on the affected computer. Bar members are reminded that any official grievance would come via U.S. mail from the Supreme Court and that any important Bar announcement would appear in E-Blast or would be sent by an individual Bar staff member.


Check frauds and scams continue to target lawyer trust accounts

Remember the old saying, "If it seems too good to be true...." The Bar continues to receive reports of sophisticated check scams targeting lawyers. Scammers use real companies and real names to convince their victims. Some scams are particularly convincing, with phone calls from "clients" and even some reports of in-person visits from scammers. Even banks are sometimes fooled by the high level of check forgery and may misinform the lawyer of a check's authenticity. Sometimes the checks are authentic but stolen. Stay vigilant. If a large amount of money is involved with a client you do not know, wait before disbursing funds. There have been instances where the fraud is discovered by the bank up to a week later. Report all frauds to your malpractice carrier, local law enforcement and the Secret Service field office in your state.

Tips on How to Spot Phishing E-mails

Here are a few tips on how to spot e-mails that are "phishing" for information:

  1. Who is the e-mail from? Who does it claim to be from? Any e-mail from the SC Bar will always come from an address ending in @scbar.org.
  2. Who is it to? Does it have your e-mail address in the "To" block or something else?
  3. Would the sender ever send an e-mail like this? If you are not sure, pick up the phone and call. It never hurts to find out.
  4. Does the e-mail contain a strange link? If so, do not click on it. Call the sender and confirm that they sent the attachment. Strange website links or attachments could contain hidden malware (even ransomware) to steal data from you.
  5. The SC Bar maintains multiple social media accounts with photos from events, recent news and resources for attorneys and the public. Bar members are invited to connect with the SC Bar on Facebook and Twitter; the YLD on Facebook, Twitter and Instagram; the Mock Trial Program on Facebook and Twitter; and PMAP on Twitter. Keep up with updates from the Bar via social media or E-Blast.
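
The From, To and link checks in tips 1, 2 and 4 (plus the HTTPS and hover-over-the-link advice from the 20 tips above) can be automated for a mail filter or a training exercise. The Python sketch below is an added example, not SC Bar code; the function names, finding labels and both sample messages are constructed for illustration, and it assumes a single-part HTML message.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse
TRUSTED = "scbar.org"  # sender domain stated in tip 1

class Links(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.found, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.found.append((self._href, "".join(self._text).strip()))
            self._href = None

def naive_from_ok(raw):
    # Substring match: roughly what a quick glance at the From line does.
    return TRUSTED in message_from_string(raw)["From"]

def triage(raw, my_address):  # assumes a single-part HTML body
    msg, findings = message_from_string(raw), []
    _, sender = parseaddr(msg.get("From", ""))
    if sender.lower().rpartition("@")[2] != TRUSTED:       # tip 1
        findings.append("from-domain")
    to = [a.lower() for _, a in getaddresses(msg.get_all("To", []))]
    if my_address.lower() not in to:                        # tip 2
        findings.append("not-in-to")
    parser = Links()
    parser.feed(msg.get_payload())
    for href, text in parser.found:                         # tip 4
        real = urlparse(href)
        if real.scheme != "https":
            findings.append("link-not-https")
        if "://" in text and urlparse(text).hostname != real.hostname:
            findings.append("link-text-mismatch")
    return findings

# Constructed samples on reserved .test/.example domains, not real messages.
SPOOF = ('From: "SC Bar President" <notice@scbar.org.mail-example.test>\n'
         "To: members@lists.example.test\nSubject: Complaint filed\n"
         "Content-Type: text/html\n\n<a href="
         '"http://files.example.test/c.html">https://www.scbar.org/complaint</a>\n')
CLEAN = ("From: SC Bar <eblast@scbar.org>\nTo: lawyer@firm.example\n"
         "Subject: E-Blast\nContent-Type: text/html\n\n"
         '<a href="https://www.scbar.org/news">E-Blast</a>\n')
```

The spoofed sample passes the substring check because its address merely contains "scbar.org", while `triage` compares the exact domain after the "@". An empty result only means these checks passed; a From header can be forged, so the phone call in tip 3 still applies.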

Check out this link to learn more about phishing attacks and what to do about it. Also, check out this link to learn more about how phishing e-mails like this target Bar members and what to look for. E-mail pmap@scbar.org if you have specific questions about practice management or using technology in your law office.