Dec. 2, 2025 – The State Bar of Wisconsin, along with more than a dozen other state bar associations nationwide, is experiencing a new and highly targeted phishing attack aimed at our members. We want to ensure you are aware of this threat so you can protect your personal information and help prevent further exposure.
What’s Happening
Multiple bar associations, including ours, have reported a surge in phishing emails sent to members. These emails appear to come from organizational leadership and reference confidential matters to prompt a response. The fraudulent messages attempt to harvest members’ personal cell phone numbers and other sensitive information.
This campaign is widespread – current reports indicate 12 to 15 state bar associations are affected, and that number continues to grow.
How the Scam Works
Attackers are using look-alike domains designed to mimic legitimate bar association email addresses. These spoofed domains follow a consistent pattern:
@[organization]sendcrp.com
Observed examples include:
Though the sender name may appear familiar, these emails do not originate from the State Bar of Wisconsin or any legitimate bar association.
How to Protect Yourself
Please remember:
Official emails from the State Bar of Wisconsin only come from addresses ending in @wisbar.org, including: @wisbar.org,@elists.wisbar.org, @mktg.wisbar.org, @klayviyo.wisbar.org, @govrel.wisbar.org, @email.wisbar.org.
Do not click links, open attachments, or reply to any message using the suspicious sendcrp.com domain.
Simply delete the message.
Our IT leadership is actively coordinating with other affected bar associations to block the hosting provider responsible for these phishing attempts.
