This page provides timely information about reported fraudulent cyber activities potentially related to the practice of law in West Virginia. To report fraudulent cyber threats contact Mike Mellace at mellacem@wvbar.org
Resources:
ABA Resource -Protect Yourself and Your Money
FTC Cyber Security Basics for Small Businesses
identitytheft.gov
Current Threats
-
Fraudulent Emails Regarding Lawyer Referral Service
October 5, 2020 12:02 pm
Some WV State Bar Members who are not a part of the WV Lawyer Referral Service have received fraudulent emails asking if their firm handles “Litigation Cases”. The email comes from an out of country email address. If you have received emails like this please do not respond to them. If you are a part of the Lawyer Referral Service all correspondences will come from the email address “no-reply@send.community.lawyer”
Warning: Do not reply to emails from people who’s names look suspicious or do not match what they should be based on the email address that the email is coming from. Warning: Always look at the email address. Do not assume that by looking at the from name it is coming from that person. Anyone can setup an account with the name “Anita Casey” but they cannot spoof the email address caseya@wvbar.org -
December 3, 2019 10:58 am
Attorneys continue to be an attractive target for hackers due to the large amount of personal information they retain related to their clients. Increasingly more sophisticated phishing emails are one of the most common techniques hackers will use to access this information. 30% of phishing emails are opened, and 91% of hacking attacks begin with a phishing email. Lawyers and law firms are often regarded by hackers as targets who might provide convenient back-door access to sensitive client data (and money).
Anne Haag is a Practice Management Advisor at the Chicago Bar Association and prepared the below video on “How to Spot a Phishing Email”
-
Phishing Emails Impersonating State Bar Staff
February 14, 2019 9:16 am
Throughout January 2019 there have been reports from members receiving emails from fraudulent email accounts attempting to impersonate a State Bar staff member. If you receive one of these emails please mark it as spam and delete the message.
The State Bar does not email invoices to members unless the member completes a form requesting to pay via check on our membership website www.mywvbar.org.
Below is an example of one of the emails received by a State Bar member.
___________________________________________________________________
From: The West Virginia State Bar <c.castro@corporacionurimar.com>
Sent: Friday, January 18, 2019 8:29 AM
To: ———————
Subject: Re: Invoice #18204 MessagePlease see attached and thanks!
I have enclosed a copy of the invoice for your reference, you can download view using this link
The West Virginia State Bar
mellacem@wvbar.org -
February 7, 2019 4:26 pm
Multiple West Virginia Law Firms have reported scams involving “prospective clients” that use doctored information related to sexual harassment settlements. The prospective client provides very convincing evidence and a fake cahiers check to the attorney that is then rejected by your bank after processing.
The basic premise is that the individual was an employee of Sunbelt Rentals in Charleston, WV. A new female manager (who was related to the CEO) transferred into the location. The female manager then began making sexual advances toward the prospective client. Refusing the advances, the prospective client made a complaint. He was allegedly terminated shortly thereafter. The URL for the corporate email address is not a valid URL (although it looks very close to Sunbelt’s actual website).
-
Fastcase – Email Phishing Scam via Phil Rosenthal’s Account
February 1, 2019 9:29 am
If you received a phishing email on 2/1/2019 from Phil Rosenthal due to his Fastcase email account being compromised. The subject line is “RIVIEW DOCUMENT.” For your own security, please do not open nor click the attachment. Please delete the email immediately, if you haven’t already.
The Fastcase team has taken immediate steps to further secure our email accounts in an attempt to prevent this from happening again. We’re sorry for any confusion this has caused.
-
MARRIOTT DATA BREACH: Basic Consumer Information
November 30, 2018 9:53 am
THE FOLLOWING IS INFORMATION RELATED TO A LARGE DATA BREACH THAT MARRIOTT DISCOVERED. WE ARE PROVIDING THIS INFORMATION TO OUR MEMBERS BECAUSE WE BELIEVE IT MAY BE HELPFUL.
__________________________________________________________________
MARRIOTT DATA BREACH: Basic Consumer Information
WE ARE AWARE AND ACTIVELY MONITORING THE BREACH
Marriott’s reservation database (Starwood Reservation Database) was hacked.
Hackers mined/collected data for 4 YEARS before discovery of the breach.
Hackers accessed: names; birthdays; passport numbers; email addresses; mailing addresses; and phone numbers
HACKERS MAY HAVE ACCESSED FINANCIAL INFORMATION, including credit card numbers, PIN numbers, and/or expiration dates
500 million consumers (worldwide) affected by the breach (# of WV consumers unknown at this time).
Breach includes SHERATON, WESTIN, and ST. REGIS hotel chains.
Marriott has created a website and call center for consumer inquires.
Consumer Website: info.starwood.com
Dedicated Call Center: 1-877-273-9481
Marriott is also offering free enrollment in Webwatcher (which is a monitoring service). We’re reviewing the webwatcher program and cannot advise consumers on the pros and cons of the service at this time.
Free Webwatcher Enrollment: info.starwood.com
-
Phishing Email – December 7, 2017
December 7, 2017 4:45 pm
On December 7, 2017 a few members of the State Bar received phishing emails with the subject “FYI” If you received this email please delete it and do not open the attachment. Below is a screenshot of the details.
-
November 7, 2017 3:25 pm
The following message was reported as fraudulent. Steptoe & Johnson PLLC reported the activity.
Sent: Tuesday, November 07, 2017 1:17 PM
Subject: FYI – Amazon Gift Cards (Do Not Click!)The Following E-mail is making the rounds and, as much as I wish to say we are giving away Gift Cards, the sad fact is that we are not. Please do NOT click on the link or fill out any information to claim your gift card – you will only receive heartache and not $20.
—————————————-
From: Daved Gormon [mailto:Daved.Gormon@work-rewards.com]
Sent: Tuesday, November 07, 2017 12:28 PM
To: Angela Fazzini
Subject: Good job. Here is a token of our appreciation.To redeem your Amazon Gift Card: 1. Click Redeem Now.
2. Then enter the Claim Code when prompted.
3. Gift card funds are applied automatically to eligible orders during checkout.
4. You must pay for any remaining balance on your order with another method. -
May 11, 2017 2:51 pm
Suspicious emails have been going out to the general public saying you need to click on a link to “e-sign” a document through google or access a shared document. These emails claim to be relating to a document saved within Google Drive or E-Sign but are actually fraudulent phishing email links.
Below is an example of the fraudulent email.
-
March 22, 2017 10:38 am
On Tuesday March 21st, State Bar President McGhee reported that fraudulent emails are being sent out to bar members using his email address. The individual that is sending these emails is requesting payment information via email. These emails are being “spoofed” the individual is using an unauthenticated email server. These emails should be deleted as soon as possible if you receive one. No phishing links were included in the email. The State Bar and its Board of Governors do not request payment information via email in any circumstance.
If you receive any emails similar to the event described above please contact Mike Mellace at mellacem@wvbar.org .
-
March 14, 2017 10:50 am
The West Virginia State Auditors Office requested the State Bar send the following notification regarding fraudulent emails:On March 12, 2017 fraudulent emails were sent to a large number of people with the subject “Private Message From WVSAO” including a “Click here to Login to view the document now.” link that takes you to a phishing website. The email address “Desk@wvsao.gov” was spoofed using a fraudulent email server.If you received this email please delete it immediately. If you clicked on the link and entered any information please change your passwords immediately.If you have any questions or concerns please contact support@wvbar.org or Kirk.Rector@wvsao.gov. -
Notice of Potential Scam Involving Correspondence from Office of Disciplinary Council
December 1, 2016 3:41 pm
The WV Office of Disciplinary Council has advised that bar members in Pennsylvania, Texas and Maryland have reported receiving an email claiming a grievance has been filed against them and giving them 10 days to respond. The email invites them to “click here” for more information.
None of the disciplinary agencies are responsible for these emails. The link loads a malicious software called ransomware on your computer that blocks computer access until a sum of money is paid.
We are no aware of any similar scams in WV, however, be alert. If you receive this type of email, delete it immediately. If you have any questions about any emails received from the Office of disciplinary council, contact that office at www.wvodc.org or 304-558-7999. Do not click on any links.
-
November 28, 2016 8:35 am
Charleston, WV – A WV State Bar member recently reported being hit with a wire fraud issue twice in the last year, and another law firm recently wired fund to the wrong account based on a fraudulent e-mail. In both cases a realtor’s e-mail account was hacked. In the first case, the buyer received alleged wire instructions from our office to send the funds for closing. Fortunately, we had asked for a cashier’s check and buyer brought to our attention. In the second case, our seller allegedly sent wire instructions for their proceeds, to which it was sent, but immediately recovered by the bank. Lawyers need to verbally call the recipient of the wire and verify the instructions, as well as obtaining copies of driver’s licenses. Also, lawyers should be sending wire instructions via secure e-mail. Generally, the hacker will get into a Yahoo account (either realtor or lawyer) and then spoof the party who is sending the wire instructions. Here is is a link to a recent Florida Bar New article.
-
November 18, 2016 3:58 pm
The following email has been reported by multiple attorneys as being a fraudulent email.
-
ATTORNEYS BEWARE OF CLIENT TRUST ACCOUNT SCAMS
November 18, 2016 3:40 pm
The State Bar has become aware of fraudulent schemes that have targeted lawyers’ client trust accounts throughout the country. From email that the ADO has received from its counterparts in other states, there appear to be two variations that have been used during the last few months. The first scheme is an advance fee “confidence scam” which involves what purports to be a business proposal from officials of a foreign government or foreign business. Typically the lawyer receives an unsolicited email from a company in China (or other location in Asia). The email states that the sender has found the lawyer’s name in an online legal directory The sender then advises the lawyer that he (or she) would like to retain the services of the lawyer to collect a judgment from a local business. The lawyer then performs some preliminary research and determines that the local business is a legitimate business. A contingency agreement is entered into. Within days, and prior to a demand letter being sent, the lawyer receives a cashier’s check from the local business for a large sum of money (normally several hundred thousand dollars) towards the judgment, with a note explaining the purpose of the check. The check appears to be from a local bank The lawyer then deposits the check into his/her client trust account. The Chinese business then contacts the lawyer and advises that the business needs all (or a portion) of the settlement proceeds immediately to cover on-going business expenses. The lawyer is advised that he/she can retain his/her contingency fees from the amount that is requested to be transmitted to the Chinese business. The lawyer then calls the bank in which he/she is holding client trust funds to inquire if funds are available, and is advised that they are. The funds (less the lawyer’s fees) are then wired to the scammer’s account in China (or elsewhere in the Far East). Within days, the lawyer is informed by the bank holding his/her client trust account that the local check was a forgery, and the lawyer is then out of trust by several hundred thousand dollars. The scams normally work because the victim lawyers do not appreciate the difference between funds that have “cleared” (or are collected), and funds that are available for use. Banks are required to make funds available for use within a few days of the deposit of checks, even though the funds often are not actually collected until nearly two weeks after the checks are deposited. The second type of scam that has been reported by other states involves the collection of a divorce settlement that has been allegedly reached with the scammer’s ex-husband. The scammer informs the lawyer that she is currently on assignment in a far eastern country and has an agreement for the husband to pay her several hundred thousand dollars, plus legal fees. The rest of the scam proceeds in a manner essentially similar to the judgment collection scam outlined above, and involves the deposit of a forged cashier’s check into the lawyer’s client trust account and the wiring of the client’s share to a foreign bank. Attorneys are warned that if the proposition appears too good to be true, it probably is. One should always be extremely wary of email communications from anyone you don’t know. Finally, it is extremely important that lawyers know the difference between available funds and collected funds