Hey, there! Log in / Register
E-mail scammers targeting lawyers, including some in Massachusetts
By adamg on Mon, 01/30/2017 - 2:07pm
The Massachusetts Board of Bar Overseers is warning attorneys of two e-mail phishing efforts that could lead them to wire money to hackers or load malware onto their computers.
In one, lawyers handling real-estate closings have gotten forged e-mails:
After the closing but before proceeds are disbursed, the closing attorney receives an email that looks as if it comes from the seller or the seller’s attorney. The email contains a change in instructions as to where to wire the seller’s proceeds. The email is fraudulent and the proceeds, as a consequence, are diverted and do not reach the seller or seller’s counsel.
The other scheme involves what look like legitimate attachments that are actually malware launchers:
The fraudulent email being distributed may appear to come from this office or a bar group and may have a subject line suggesting that a disciplinary complaint has been filed or that money is owed. Because members of the Massachusetts bar have received these emails, please closely monitor all unexpected emails.
Ad:
Support Universal Hub
Help keep Universal Hub going. If you like what we're up to and want to help out, please consider a (completely non-deductible) contribution.
Comments
If a practicing lawyer falls
If a practicing lawyer falls for this then I question how they passed the bar
That's not fair
Some email phishing scams come from accounts and people you interact with regularly. And the attachments look legit.
It's not as dumb as you think.
I knew a fair bit about phishing once upon a tie. 8 or 9 years ago there were some phishing scams that fooled nearly 50% of managerial / professional level bank employees.
It isn't always the lawyers who are the targets
This sounds like it was targeted at staff members who are accustomed to these sorts of changes in details and handle the payouts. Yes, the lawyers are responsible, but they are not likely the ones who are pushing the buttons. I fairly recently conducted a transaction where I sent my information to a third-party service company retained by the brokerage and my bank sent over the money.
A friend works for a tech company where a low-level HR admin got an e-mail from what appeared to be a senior company officer asking for all the W-2s for everyone in the company. He dutifully complied because he didn't know any better and he was busy and young and relatively untrained and didn't realize that it was a very odd request.