Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Catfishing: Scammers Are Pretending to be Lawyers Online

September 11, 2019

Catfishing – pretending to be someone else online – has long been the purview of romance scams, where someone puts up a phony profile and tries to nurture a romantic relationship online, usually to get the victim to fork over money under false pretenses.

But as Law.com reported (sub.req.) on September 9, law firm catfishing is real and becoming a problem.

So . . . before you open an email from a law firm, you may want to give it a second look. Cybersecurity experts and legal industry observers say scammers commonly impersonate lawyers in emails because they know people are more likely to respond when a request for sensitive data or payments appears to come from a lawyer.

Alex Holden, chief information security officer of risk management company Hold Security, said many emails impersonating law firms are phishing attempts that share fake legal documents infected with malware. Others offer fake settlements or other rewards in an attempt to obtain personal information.

Hackers are not the only ones pretending to be lawyers. A football coach allegedly targeted a Kansas newspaper with emails impersonating a lawyer, according to the Montgomery County Attorney's Office.

The office alleged that Jason Brown, a football coach who also appeared in Netflix's "Last Chance U" documentary series, created a fake email address impersonating a lawyer from The Cochran Firm, according to local media reports. Brown allegedly sent cease-and-desist notices to the Montgomery County Chronicle while claiming to be a California-based attorney from the national firm.

The Cochran Firm spokesperson Ryan Julison said the law firm is not involved in the matter and Brown never had access to any firm data.

Email impersonation of a lawyer isn't uncommon and is occurring abroad as well. In May, Legal Week reported fraudulent email addresses impersonating two U.K.-based DLA Piper attorneys were used as a ploy to make an entity transfer funds to a fraudulent bank account. DLA Piper joined a growing list of impersonated U.K. lawyers and firms, according to the U.K.'s Solicitors Regulation Authority.

"Email modification is the most common area of cyberfraud we see accounting for well over half of all cybercrime reports to the SRA," wrote an SRA spokesperson. They noted, "We see fraudsters posing both as law firms in order to trick clients into sending money to the wrong place, and also impersonating clients to trick firms."

Preventing an embarrassing scam that impersonates your brand is difficult, mainly because the fraudulent emails are sent from outside the firm's domain. Firms should monitor for newly registered domains that are eerily similar to their own email domain. Additionally, lawyers and firms should educate clients about "acceptable" communication, including a policy of not soliciting certain personal information via email, and should educate staff and lawyers in identifying phishing emails.
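The domain monitoring recommended above can be partly automated. The following sketch is an added example, not part of the original post: the firm domain, the sample feed and all function names are constructed placeholders, and it assumes the firm already receives a list of newly registered domains from some source.

```python
# Constructed sample data: the firm domain and the feed are placeholders.
FIRM_DOMAIN = "harborlegal.example"
NEW_REGISTRATIONS = [
    "harborlegal.example", "harb0rlegal.example", "harborlega1.example",
    "harbor-legal.example", "harborlegal-billing.example", "habrorlegal.example",
    "harborlegal.test", "gardenlegal.example", "northshorebakery.example",
]
# Common look-alike substitutions, multi-character pairs first.
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s")]

def skeleton(label):
    """Lower-case, drop hyphens and fold look-alike characters together."""
    label = label.lower().replace("-", "")
    for fake, real in CONFUSABLES:
        label = label.replace(fake, real)
    return label

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate, firm=FIRM_DOMAIN, max_distance=2):
    """Return why candidate resembles firm, or None (expects name.tld input)."""
    if candidate.lower() == firm.lower():
        return None  # the firm's own domain
    brand, name = firm.split(".")[0].lower(), candidate.split(".")[0].lower()
    if name == brand:
        return "same name, different TLD"
    b, n = skeleton(brand), skeleton(name)
    if n == b:
        return "identical after normalization"
    if b in n:
        return "brand embedded in longer name"
    return "small edit distance" if edit_distance(n, b) <= max_distance else None

def review(feed):
    return {d: r for d in feed if (r := classify(d))}

if __name__ == "__main__":
    print(*(f"{d:30} {r}" for d, r in review(NEW_REGISTRATIONS).items()), sep="\n")
```

Flagged domains are candidates for human review, not proof of fraud; a short firm name will need a lower `max_distance` to keep false positives manageable.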

If an email correspondence seems odd, the recipient should reach out to the purported sender directly at a number known to be valid.

Wearying, isn't it? Something else to bedevil law firms. Once again, time to update the cybersecurity training PowerPoint.

Sharon D. Nelson, Esq., President, Sensei Enterprises, Inc.
3975 University Drive, Suite 225 | Fairfax, VA 22030
Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson