A Scam in Time for Christmas

Law firms routinely collect and issue W9 and 1099 forms. But if you receive an email requesting a tax form and weren’t expecting it, think twice. Ask yourself:

  • How did the email arrive? Via a website contact form, via your blog, or addressed to a specific person in your firm who would deal with such matters?
  • Do you recognize the sender?
  • Does the sender’s domain exist?
  • Does contact information given in the email match what you find on the web?
  • Do your records reflect that you did business with the sender this year?
  • Does any part of the email message seem “off?”

Remember scams can seem innocuous, even apologetic:

We are updating our new financial software and see that we don’t have a current W-9 or your tax id number in our system. If we could get this at your earliest convenience that would be wonderful. We realize and understand that you are tax exempt, but we would love to have the information fully entered into your new system. Thank you for your help and understanding. If you would like you can fax it to XXX-XXX-XXXX.
Have a great day!

When a request seems fishy (we understand you are tax exempt?) or oddly worded (we would love to have the information fully entered into your new system?!) take the time to independently verify legitimacy. Check your records, run a web search on the purported sender, and pick up the phone. Don’t use the contact information given in the suspicious email. Avoid replying, submitting a fax, or clicking on any links the message may include. Most importantly, educate staff on all levels and keep your antennae up for new variations of scams.

All Rights Reserved 2019 Beverly Michaelis

Ethics of Disaster Recovery and Data Breaches

Coming December 10 at 1:00 pm Eastern, 10:00 am Pacific – a lawyer’s ethical duties in responding to disasters and data breaches. Featuring ABA Formal Opinion 483: Lawyers’ Obligations After an Electronic Data Breach or Cyberattack and Formal Opinion 482: Ethical Obligations Related to Disasters (2018).

This session will offer real-life examples on how to recover from a disaster or a data breach — ethically.

Disasters and data breaches bring with them conflicting priorities to resolve. Duties of disclosure compete with those of confidentiality for your attention. The responsibility to provide legal services for which your clients have contracted may be adversely affected by disaster. Model Rules 1.4 and 1.6 provide the standards and the recent ABA opinions flesh out your ethical duties in the event of a disaster (natural or man-made) or a data breach (which is of course a very specific form of a disaster!).

Join our panel of experts as they guide you through these opinions with practical examples of how best to ensure you and your clients are protected in the face of this new world and all it has to throw at you.

This is a free CLE for ABA members. Register here.

All Rights Reserved 2019 Beverly Michaelis

Phishing Scam Hits OJD Users

Here are the details.

Imposter Fraud

Imposter fraud is perhaps the most common type of scam encountered by lawyers. As the FTC warns, it comes in many forms. Scammers pretend to be computer technicians, IRS officials, your banker, a client, or a law firm vendor. They may even pretend to be you!

No matter the method, the goal is always the same: to use social engineering to manipulate you into sending money. Here are nine tips from Webroot on how to avoid falling prey to phishing, vishing, and SMShing scams:

  1. Slow down. Spammers want you to act first and think later. If the message conveys a sense of urgency or uses high-pressure sales tactics be skeptical; never let their urgency influence your careful review.
  2. Research the facts. Be suspicious of any unsolicited messages. If the email looks like it is from a company you use, do your own research. Use a search engine to go to the real company’s site, or a phone directory to find their phone number.
  3. Don’t let a link be in control of where you land. Stay in control by finding the website yourself using a search engine to be sure you land where you intend to land. Hovering over links in email will show the actual URL at the bottom, but a good fake can still steer you wrong.
  4. Email hijacking is rampant. Hackers, spammers, and social engineers taking over control of people’s email accounts (and other communication accounts) has become rampant. Once they control an email account, they prey on the trust of the person’s contacts. Even when the sender appears to be someone you know, if you aren’t expecting an email with a link or attachment check with your friend before opening links or downloading.
  5. Beware of any download. If you don’t know the sender personally AND expect a file from them, downloading anything is a mistake.
  6. Foreign offers are fake. If you receive an email from a foreign lottery or sweepstakes, money from an unknown relative, or requests to transfer funds from a foreign country for a share of the money it is guaranteed to be a scam.
  7. Delete any request for financial information or passwords. If you get asked to reply to a message with personal information, it’s a scam.
  8. Reject requests for help or offers of help. Legitimate companies and organizations do not contact you to provide help. If you did not specifically request assistance from the sender, consider any offer to ’help’ restore credit scores, refinance a home, answer your question, etc., a scam. Similarly, if you receive a request for help from a charity or organization that you do not have a relationship with, delete it. To give, seek out reputable charitable organizations on your own to avoid falling for a scam.
  9. Secure your computing devices. Install anti-virus software, firewalls, email filters and keep these up-to-date. Set your operating system to automatically update, and if your smartphone doesn’t automatically update, manually update it whenever you receive a notice to do so.  Use an anti-phishing tool offered by your web browser or third party to alert you to risks.

All Rights Reserved 2019 Beverly Michaelis

 

 

Are Changes Coming to Oregon’s Data Breach Law?

Attorney General Ellen Rosenblum is urging the Oregon legislature to update Oregon’s data breach law:

“Data breach and the distribution of personal information is a growing risk for Oregonians. Nationally, data breaches in 2013 exposed an estimated 546 million piece of personal information. The Oregon Identity Theft Prevention Act of 2007 requires businesses and governmental agencies to notify consumers of digital data breaches and develop safeguards for personal information but provides no protection for medical, insurance or biometric information. By extending enforcement power to the Oregon Department of Justice, Oregon will be able to use the effective enforcement tools of the already-existing Unlawful Trade Practices Act .” Read more here.

Track the status of legislative action on this issue and in other areas that affect your practice by using the Oregon State Bar 2015 Regular Session Bill Tracking tool.

The 2015 Oregon State Bar Law Improvement Proposals are found here. The 2015 Oregon State Bar Legislative Priorities include improvements to court funding in general, eCourt funding in particular, and legal services to the poor. Read more here.