IS SOMEONE PHISHING FOR YOU?
IS SOMEONE PHISHING FOR YOU?
JUSTICE DANIEL CROTHERS North Dakota Supreme Court
I recently have written in this space about cybersecurity and ransomware. 1 We now are learning lawyers and law firms are being targeted with email messages stating an ethics complaint has been filed against them and they should click on a hyperlink to review the complaint. 2
The American Bar Association Journal recently reported:
“ Lawyers who receive emails about a complaint filed against their business may have a problem— but it’ s not because of an angry client.
Officials in multiple states are warning that the emails invite the lawyers to click on a hyperlink to view the complaint. Clicking on the link will open a website that installs malicious software or ransomware on the lawyer’ s computer. Ransomware blocks computer access until the computer user pays money to get it unlocked.” 3
Bar associations in New York, Texas, Pennsylvania, Maryland, and Florida have informed members of concerted efforts to access lawyers’ computer systems. The New York attorney general reported,“ Attorneys are receiving email claiming that their
26 THE GAVEL business was subject of a complaint for which they have 10 days to respond. The email includes a hyperlink to the‘ complaint’ but in reality it links to a website that installs malicious software on the person’ s computer.” 4
Texas bar authorities wrote,“ An email scam that uses false notifications of disciplinary actions is targeting members of the State Bar of Texas. Several Texas attorneys have reported receiving an email claiming a grievance was filed against them and that they have 10 days to respond. The email invites them to‘ click here’ for more information.” 5
The Maryland State Bar Association provided these details:
“ What to look for:
The subject line of one such email read‘ The Office of The State Attorney Complaint,’ and the email contained an embedded PDF link that appeared to be a complaint about the lawyer’ s business but was, in fact, malicious ransomware.
Another email said‘ see you in court’ in the subject line and featured a link presented as an encrypted document but was in actuality a computer virus. This email may even appear to be from an attorney that you know if his or her email account has been hacked.” 6
Authorities in all three states cited above advised lawyers to not respond or click on the hyperlink, but instead to immediately delete the email.( For email you want to“ permanently delete” using a Windows-based computer, move your cursor to single-click on the message to highlight it; press and hold“ shift,” and then press“ delete” to remove the message without moving it to your“ deleted” or“ trash” folder.)
In North Dakota, complaints pending at both the inquiry committee and disciplinary board level must be“ served” on a respondent lawyer. 7 Therefore, it is highly unlikely and contrary to the applicable rules that disciplinary counsel would make initial contact by email.
Bar authorities suggest lawyers thinking the email might be legitimate should contact bar regulators by telephone to verify an email was sent. They further recommend lawyers receiving bogus lawyer disciplinary emails file a complaint with their state attorney general and the Federal Trade Commission through the FTC’ s website. 8
Florida’ s advice to its lawyers mirrors that of the other states. Florida adds,“ If you open an attachment or click a link within an email that you suspect is malicious, contact your technical support person or help desk immediately.” 9
The ABA Journal article author suggests lawyers receiving phishing emails report the incident to the FBI’ s Internet Crime Complaint Center. 10