More recently, criminals have launched new phishing schemes to trap unsuspecting victims. The Voice of Experience e-newsletter just covered some of the scams (ambar.org/scamsarticle). Many others are aggressively targeting attorneys. Here’s how.
Bars begin issuing warnings
A growing number of state bar associations are warning their members of email phishing scams targeting lawyers and their clients.
In June, The Florida Bar issued an advisory warning (http://bit.ly/2dV7J1K) attorneys that criminals have accessed the attorney database (which is an online public record) and begun sending out fake bar-dues notices threatening suspension of law licenses for non-payment of those dues.
These emails typically include a link. The bar has warned lawyers not to click on any links contained within the emails and to delete the emails immediately. It’s suspected these links lead to malicious software.
The subject lines of the scam emails the Florida bar noted included:
- “Florida Bar Complaint—Attorney Consumer Assistance Program”—This email bears the name of President-elect William J. Schifino Jr., on behalf of the Attorney Consumer Assistance Program, according to the Florida bar alert. The email informs members that a complaint has been filed against their law practice.
The bar reminds lawyers that when it files a complaint against a lawyer, it never initiates contact on the matter by email.
- “Florida Bar Notification”—This email is allegedly from a Board of Governors’ member and purports to be notice of changes in the bar’s fees and payment schedule, reports the alert. There’s also a reference to adding a new “Virtual Business Card System.” The email then asks lawyers to review and update the attached information.
- “Lawyers and judges may now communicate through the portal”—In this email signed by “The Florida Bar,” lawyers are asked to test and provide feedback on a new portal. It really exists, but nobody legitimate is seeking lawyers’ input by email. There’s a link to supposed instructions that’s most likely malware or ransomware.
Scams pop up in other states, too
In January, the State Bar of Arizona also gave its members a heads up on how to protect themselves and their clients (http://bit.ly/2dEy6dl). “This sophisticated scam exploits the attorney/client relationship and defrauds consumers of their money,” notes the alert.
The alert describes how the scam works:
- The client receives a phone call.
- The caller ID shows the number belongs to the attorney.
- The client is informed additional money is owed to the lawyer.
- The client is then given a toll-free number to call.
- The client calls the number and is directed how to pay the money.
In a recent case involving a bankruptcy court, according to the Arizona notice, a client was told he needed to pay more money to a creditor. The scam was caught in time and no money was lost.
The key to this scam is caller ID spoofing, according to the Arizona alert. It’s a technology switcheroo that allows callers to change their caller ID to reflect whatever number they want—including that of a law firm.
IRS says its ID is stolen
The Internal Revenue Service has also issued several recent consumer warnings on the fraudulent use of the IRS name or logo by scammers trying to gain access to consumers’ financial information to steal their identity and assets. Criminals have been sending phishing emails like those previously used in the Nigerian email scam. They’ve also been making unsolicited phone calls and home visits to potential victims.
In August 2015, the IRS issued IR-2015-99 (http://bit.ly/2dyTGhR). It warned taxpayers to guard against new tricks by scam artists and reported the potential theft of more than $20 million.
Scammers posing as IRS agents first targeted those they viewed as most vulnerable, such as older Americans, newly arrived immigrants, and those whose first language isn’t English. However, criminals are now expanding their net and seeking a limitless amount of victims.
These criminals also use spoofing, altering the phone number that appears on the victim’s caller ID to make it seem like they’re receiving an official phone call from the IRS or another government agency. Identifying themselves with fake names, titles, and badge numbers, they use online resources to gain personal information about the victim to sound official. They also copy official IRS letterhead for use in email or regular mail.
Relying on shock, fear, and intimidation, these criminals scare people into reacting immediately to a perceived threat—massive fines, the revocation of a professional license, jail time, deportation, and more. They leave “urgent” callback requests through robo-calls and emails, asking the victim to respond to a fake phone number or email address that will generate a response that sounds is if they’re contacting the legitimate government agency.
Advice from the real IRS
To avoid such scams, remember five things the real IRS will never do:
1. Demand immediate payment over the phone or call about past-due taxes before sending official government correspondence by U.S. mail
2. Threaten to contact local police or law enforcement to have you arrested for non-payment of taxes
3. Demand that you pay taxes without the right to question or appeal the amount allegedly owed
4. Require a specific method of payment, such as a pre-paid debit card (which is non-traceable once delivered to a third party such as these criminals)
5. Ask for your bank account or credit or debit card information over the phone
Criminals are continually updating their methodology to remain ahead of law enforcement and trick the public into falling for newer schemes, but it’s all loosely based on the original Nigerian email scam. You should be vigilant and extremely suspicious of unsolicited emails and telephone calls demanding any sort of payment.