Cyber Threats

This page provides timely information about reported fraudulent cyber activities potentially related to the practice of law in West Virginia. To report fraudulent cyber threats contact Mike Mellace at

Current Threats

  • Phishing Emails Impersonating State Bar Staff

    Throughout January 2019, members have reported receiving emails from fraudulent email accounts attempting to impersonate a State Bar staff member. If you receive one of these emails, please mark it as spam and delete the message.

    The State Bar does not email invoices to members unless the member completes a form requesting to pay via check on our membership website


    Below is an example of one of the emails received by a State Bar member.


    From: The West Virginia State Bar <>
    Sent: Friday, January 18, 2019 8:29 AM
    To: ———————
    Subject: Re: Invoice #18204 Message

    Please see attached and thanks!

    I have enclosed a copy of the invoice for your reference, you can download view using this link

    The West Virginia State Bar


    Multiple West Virginia law firms have reported scams involving “prospective clients” who use doctored information related to sexual harassment settlements. The prospective client provides very convincing evidence and a fake cashier’s check to the attorney; the check is then rejected by the attorney’s bank after processing.

    The basic premise is that the individual was an employee of Sunbelt Rentals in Charleston, WV.  A new female manager (who was related to the CEO) transferred into the location. The female manager then began making sexual advances toward the prospective client. Refusing the advances, the prospective client made a complaint. He was allegedly terminated shortly thereafter.  The URL for the corporate email address is not a valid URL (although it looks very close to Sunbelt’s actual website).   

  • Fastcase – Email Phishing Scam via Phil Rosenthal’s Account

    You may have received a phishing email on 2/1/2019 from Phil Rosenthal due to his Fastcase email account being compromised. The subject line is “RIVIEW DOCUMENT.” For your own security, please do not open or click the attachment. Please delete the email immediately, if you haven’t already.

    The Fastcase team has taken immediate steps to further secure our email accounts in an attempt to prevent this from happening again.  We’re sorry for any confusion this has caused.

  • MARRIOTT DATA BREACH: Basic Consumer Information





    Marriott’s reservation database (Starwood Reservation Database) was hacked.

    Hackers mined/collected data for 4 YEARS before discovery of the breach.

    Hackers accessed: names; birthdays; passport numbers; email addresses; mailing addresses; and phone numbers

    HACKERS MAY HAVE ACCESSED FINANCIAL INFORMATION, including credit card numbers, PIN numbers, and/or expiration dates

    500 million consumers (worldwide) affected by the breach (# of WV consumers unknown at this time).

    Breach includes SHERATON, WESTIN, and ST. REGIS hotel chains.

    Marriott has created a website and call center for consumer inquiries.

    Consumer Website:              

    Dedicated Call Center:                   1-877-273-9481

    Marriott is also offering free enrollment in Webwatcher (which is a monitoring service). We’re reviewing the Webwatcher program and cannot advise consumers on the pros and cons of the service at this time.

    Free Webwatcher Enrollment:

  • Phishing Email – December 7, 2017

    On December 7, 2017, a few members of the State Bar received phishing emails with the subject “FYI.” If you received this email, please delete it and do not open the attachment. Below is a screenshot of the details.


  • FYI – Amazon Gift Cards

    The following message was reported as fraudulent. Steptoe & Johnson PLLC reported the activity.

    Sent: Tuesday, November 07, 2017 1:17 PM
    Subject: FYI – Amazon Gift Cards (Do Not Click!)

    The Following E-mail is making the rounds and, as much as I wish to say we are giving away Gift Cards, the sad fact is that we are not.  Please do NOT click on the link or fill out any information to claim your gift card – you will only receive heartache and not $20.


    From: Daved Gormon []
    Sent: Tuesday, November 07, 2017 12:28 PM
    To: Angela Fazzini
    Subject: Good job. Here is a token of our appreciation.

    To redeem your Amazon Gift Card:

    1. Click Redeem Now.
    2. Then enter the Claim Code when prompted.
    3. Gift card funds are applied automatically to eligible orders during checkout.
    4. You must pay for any remaining balance on your order with another method.


  • Google E-Sign & Google Drive

    Suspicious emails have been going out to the general public saying you need to click on a link to “e-sign” a document through Google or access a shared document. These emails claim to relate to a document saved within Google Drive or E-Sign but actually contain fraudulent phishing links.

    Below is an example of the fraudulent email.

  • Email Spoofing

    On Tuesday, March 21st, State Bar President McGhee reported that fraudulent emails are being sent out to bar members using his email address. The individual sending these emails is requesting payment information via email. These emails are being “spoofed”: the individual is using an unauthenticated email server. If you receive one of these emails, delete it as soon as possible. No phishing links were included in the email. The State Bar and its Board of Governors do not request payment information via email in any circumstance.

    If you receive any emails similar to the event described above please contact Mike Mellace at .


  • WVSAO Phishing Email

    The West Virginia State Auditor’s Office requested the State Bar send the following notification regarding fraudulent emails:
    On March 12, 2017 fraudulent emails were sent to a large number of people with the subject “Private Message From WVSAO” including a “Click here to Login to view the document now.” link that takes you to a phishing website. The email address “” was spoofed using a fraudulent email server.
    If you received this email please delete it immediately. If you clicked on the link and entered any information please change your passwords immediately.
    If you have any questions or concerns please contact or

  • Notice of Potential Scam Involving Correspondence from Office of Disciplinary Counsel

    The WV Office of Disciplinary Counsel has advised that bar members in Pennsylvania, Texas and Maryland have reported receiving an email claiming a grievance has been filed against them and giving them 10 days to respond. The email invites them to “click here” for more information.

    None of the disciplinary agencies are responsible for these emails. The link loads malicious software called ransomware on your computer that blocks computer access until a sum of money is paid.

    We are not aware of any similar scams in WV; however, be alert. If you receive this type of email, delete it immediately. If you have any questions about any emails received from the Office of Disciplinary Counsel, contact that office at or 304-558-7999. Do not click on any links.

  • Wire Fraud Issues

    Charleston, WV – A WV State Bar member recently reported being hit with a wire fraud issue twice in the last year, and another law firm recently wired funds to the wrong account based on a fraudulent e-mail. In both cases a realtor’s e-mail account was hacked. In the first case, the buyer received alleged wire instructions from our office to send the funds for closing. Fortunately, we had asked for a cashier’s check and the buyer brought it to our attention. In the second case, our seller allegedly sent wire instructions for their proceeds, to which it was sent, but immediately recovered by the bank. Lawyers need to verbally call the recipient of the wire and verify the instructions, as well as obtaining copies of driver’s licenses. Also, lawyers should be sending wire instructions via secure e-mail. Generally, the hacker will get into a Yahoo account (either realtor or lawyer) and then spoof the party who is sending the wire instructions. Here is a link to a recent Florida Bar News article.



  • Good Day Attorney

    The following email has been reported by multiple attorneys as being a fraudulent email.





    The State Bar has become aware of fraudulent schemes that have targeted lawyers’ client trust accounts throughout the country. From email that the ADO has received from its counterparts in other states, there appear to be two variations that have been used during the last few months.

    The first scheme is an advance fee “confidence scam” which involves what purports to be a business proposal from officials of a foreign government or foreign business. Typically the lawyer receives an unsolicited email from a company in China (or other location in Asia). The email states that the sender has found the lawyer’s name in an online legal directory. The sender then advises the lawyer that he (or she) would like to retain the services of the lawyer to collect a judgment from a local business. The lawyer then performs some preliminary research and determines that the local business is a legitimate business. A contingency agreement is entered into. Within days, and prior to a demand letter being sent, the lawyer receives a cashier’s check from the local business for a large sum of money (normally several hundred thousand dollars) towards the judgment, with a note explaining the purpose of the check. The check appears to be from a local bank. The lawyer then deposits the check into his/her client trust account. The Chinese business then contacts the lawyer and advises that the business needs all (or a portion) of the settlement proceeds immediately to cover on-going business expenses. The lawyer is advised that he/she can retain his/her contingency fees from the amount that is requested to be transmitted to the Chinese business. The lawyer then calls the bank in which he/she is holding client trust funds to inquire if funds are available, and is advised that they are. The funds (less the lawyer’s fees) are then wired to the scammer’s account in China (or elsewhere in the Far East).

    Within days, the lawyer is informed by the bank holding his/her client trust account that the local check was a forgery, and the lawyer is then out of trust by several hundred thousand dollars. The scams normally work because the victim lawyers do not appreciate the difference between funds that have “cleared” (or are collected), and funds that are available for use. Banks are required to make funds available for use within a few days of the deposit of checks, even though the funds often are not actually collected until nearly two weeks after the checks are deposited.

    The second type of scam that has been reported by other states involves the collection of a divorce settlement that has been allegedly reached with the scammer’s ex-husband. The scammer informs the lawyer that she is currently on assignment in a far eastern country and has an agreement for the husband to pay her several hundred thousand dollars, plus legal fees. The rest of the scam proceeds in a manner essentially similar to the judgment collection scam outlined above, and involves the deposit of a forged cashier’s check into the lawyer’s client trust account and the wiring of the client’s share to a foreign bank.

    Attorneys are warned that if the proposition appears too good to be true, it probably is. One should always be extremely wary of email communications from anyone you don’t know. Finally, it is extremely important that lawyers know the difference between available funds and collected funds.



FTC Consumer Scams Information
