June 8, 2016 – Cyber thieves are increasingly targeting lawyers with fraudulent emails that purport to be from bar associations, lawyer disciplinary boards, or other official entities that lawyers may interact with in their capacity as legal professionals.
The American Bar Association’s Division for Bar Services is monitoring a rise in fraudulent emails to various state bar members, with recent confirmations of fraudulent emails sent to lawyers in Alabama, Florida, Georgia, and California.
The State Bar of Wisconsin, to date, has not received any complaints of an attorney receiving a fraudulent email from the organization, but attorneys should be on high alert.
What is the Scam?
Florida lawyers recently received emails, purporting to be from The Florida Bar with subject lines “Florida Bar Complaint” or “Florida Bar Notification.” (see sample below).
The Florida Bar, unlike the State Bar of Wisconsin, handles attorney discipline. The email claimed to be a disciplinary notice and contained a link to review the complaint.
Lurking behind those links could be malicious malware, including ransomware designed to lock computers until a “ransom” is paid. Clicking the link could also take lawyers to fake websites or pop-ups that ask for user names and passwords to proceed.
“Any number of things can happen,” said Bill Kummer, network and computer systems manager at the State Bar of Wisconsin. “The scammers are creative in how they attempt to extract the information they want or obtain access to your computer systems.”
The Florida Bar also reported that attorneys received emails with a subject line, “Lawyers and judges may now communicate from the portal.” It purported to be from The Florida Bar and asked recipients to test a new portal and provide feedback.
Other reported emails to lawyers, purportedly from The Florida Bar’s president, contained the subject line “Florida Bar Association Past Due Invoice.” Again, the scam lures attorneys with links that contain malicious malware or “phish” for private data.
These scams are variants of other cyber scams that use email to defraud unsuspecting lawyers through sophisticated schemes. Variations of counterfeit check scams involving money transfers, for instance, have been happening for years.
Law firms in Canada and the U.S. have reportedly paid ransoms to retrieve files locked by ransomware, but Kummer said paying the ransom won’t guarantee those files can be retrieved and just encourages hackers to continue their scams.
He said lawyers should have proper security measures to prevent unauthorized access to computer systems, and proper back-up systems in place to retrieve data. He also said lawyers should be on high alert when it comes to questionable emails.
State Bar of Wisconsin
The State Bar of Wisconsin corresponds with member attorneys via email. Any email from the State Bar would have a wisbar.org designation attached to it.
But communications related to the nonpayment of dues is conducted via postal mail. Thus, any attorney receiving email about nonpayment of dues should not open it.
Again, the State Bar has not received information relating to fraudulent emails purporting to be from the State Bar of Wisconsin. But if you question the authenticity of any email from the State Bar, call us at (608) 257-3838 or (800) 728-7788.
If you have other questions about data security, contact the State Bar’s Law Office Management Assistance Program (Practice 411™) at (800) 444-9404, ext. 6012.
Office of Lawyer Regulation
Attorneys facing disciplinary matters would be contacted by the Wisconsin Office of Lawyer Regulation (OLR).
Keith Sellen, director of Wisconsin’s Office of Lawyer Regulation (OLR), said that agency has not received any reports of attorneys receiving fraudulent emails purporting to be from the OLR. But he says lawyers should take special care if they see anything.
He said correspondence to a lawyer from the OLR typically occurs via telephone or postal mail, but the OLR also uses email communications. Those email communications would not include links, but may have attachments, he said.
Lawyers who receive anything purporting to be from the OLR should double-check that the sender’s email is from a wicourts.gov address. If a lawyer has any question about an email’s authenticity, call OLR at (608) 267-7274 or (877) 315-6941.
Board of Bar Examiners
The Board of Bar Examiners would contact attorneys who face suspension for noncompliance with continuing legal education requirements (CLE).
Jacquelynn Rothstein, director of the BBE, was also not aware of any fraudulent emails purporting to be from the BBE. But she said Wisconsin attorneys would never receive an email from the BBE that says they risk suspension for CLE noncompliance.
That is, a notice to report for the applicable reporting period is sent via postal mail every October. Those who don’t comply would receive notice of noncompliance via certified postal mail. And the BBE would also send notice of suspension via postal mail.
Those who do receive questionable emails purporting to be from the BBE should contact the BBE at (608) 266-9760. The BBE also uses the wicourts.gov designation.