Ransomware Targeting California Law Firms

A lot of the time when we think about spam e-mails, we think about Nigerian princes asking us for our credit card numbers (a popular scam tactic used over the years), or garbled advertisements with obviously risky links. While these e-mails are definitely still making the rounds, much more targeted (and therefore much more dangerous!) spam e-mails are now circulating too.

How specific do these scams get? One of the most recent Internet scams has been targeting lawyers, and specifically lawyers in California and Nevada. Scammers use their technological knowledge to craft e-mails addressed to individual lawyers that appear to be from the state bar association.


These e-mails feature a headline that warns the lawyer that they are the subject of an ethics complaint, and include an attachment that supposedly includes the “details” of the complaint.

Naturally, receiving an e-mail that warns of ethics complaints is shocking, and many of the recipients click on the attachment without thinking. Unfortunately, the attachment contains ransomware – a program that locks access to the recipient’s computer until they provide the hackers with the information they want (usually a credit card number or other personal information).

If lawyers open this attachment at work, they run the risk of losing access to any and all client files stored on their work computers. Usually the only way to remove the ransomware without paying the ransom is to do a complete reset of your computer – so if your files aren’t securely backed up, you may find yourself in a difficult situation.

This new trend of targeted ransomware is definitely worrying – when e-mails appear to be sent from legitimate sources, especially when they contain concerning or sensitive information, it’s natural to click on a link or open an attachment out of concern or curiosity.

However, to protect your security and the security of your computers, it’s of utmost importance that whenever you receive an attachment or link from a new e-mail address (whether or not it appears to be legitimate), you do some investigating before you proceed.

Consider calling the person or institution who supposedly sent you the e-mail (many state bar associations have indicated that they do not send sensitive information such as ethics complaints over e-mail) and ensure that they were the ones who contacted you. If there’s a link in the body of the e-mail, hover over it with your cursor to ensure that it goes to a legitimate website.
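The checks described above (who really sent the message, where a link really goes, and whether an attachment is present) can also be automated on a mail gateway or help-desk script. The following is an added example, not part of the original article; the message is constructed, and every name and domain in it, including the trusted domain `statebar.example`, is a placeholder assumption.

```python
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    return (urlparse(url if "://" in url else "//" + url).hostname or "").lower()

def in_domain(name, domain):
    return name == domain or name.endswith("." + domain)

def triage(msg, trusted_domain):
    findings = []
    sender = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    if not in_domain(sender, trusted_domain):  # display name alone proves nothing
        findings.append(f"sender domain {sender} is not {trusted_domain}")
    body, collector = msg.get_body(preferencelist=("html",)), LinkCollector()
    if body is not None:
        collector.feed(body.get_content())
    for href, text in collector.links:  # the scripted version of hovering over a link
        target = host(href)
        shown = host(text) if "." in text and " " not in text else ""
        if (shown and shown != target) or not in_domain(target, trusted_domain):
            findings.append(f"link text '{text}' goes to {target}")
    for part in msg.iter_attachments():
        findings.append(f"attachment {part.get_filename()}: confirm by phone before opening")
    return findings

def build_sample():  # constructed message; every name and domain is a placeholder
    msg = EmailMessage()
    msg["From"] = '"State Bar Association" <notices@statebar-complaints.example>'
    msg["Subject"] = "Ethics complaint filed against you"
    msg.set_content('<a href="http://files.unrelated-host.example/c">'
                    'https://www.statebar.example/complaints</a>', subtype="html")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="zip", filename="complaint_details.zip")
    return msg

if __name__ == "__main__":
    print("\n".join(triage(build_sample(), "statebar.example")))
```

A finding is a reason to phone the supposed sender, not proof of malice; an empty list does not make a message safe.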

If you are worried about your current level of preparedness for phishing attacks like these, it’s always a great idea to speak with your IT professional, as they can help you to ensure that you have a strategy in place to protect your work e-mail, your computer, and your backups.

 
