Last week many Oklahoma Bar members received an email with a subject line of "Oklahoma Bar Association Complaint." Of course it was a fake. Our General Counsel's office does not send out these types of official notices by email. But cyber criminals hope that the surprise and horror at reading a complaint has been filed will override judgment and generate a quick click on a link or attachment. If you receive an unexpected email that makes you want to instantly click on something, ALWAYS pause and think.
Every year I place several phone calls or send emails (not replies) to lawyers asking "Did you really just send me that email?" I'm known as a technology expert and I am not embarrassed to make outreaches, so you shouldn't be either. The bad guys sending out these emails managed to obtain a lot of lawyer email addresses, because our General Counsel's office phone lines lit up as soon as the emails went out. We blasted out a warning email to every OBA member just in case.
But today I received an email about the status on an Amazon order I hadn't placed. You can click on the thumbnail at right to view an image of it. There were several warning signs. Why would I get a notice from Amazon in the UK? The ZIP file as an attachment is another clear sign. And if you save your Amazon order number, you would be able to compare and see this order number didn’t match your order.
As the holiday shopping season kicks into full speed, a lot of people will be shopping online. You might want to send a warning to your staff and lawyers that these threats will be increasing so that they will be vigilant. Even if your IT department has perfect defenses to these threats, a reminder might keep one of your staff from having their home computer compromised.
If you would like some more tips on protecting yourself from these kind of threats, you should read Beware Ransomware: Data-Encrypting Software Continues to Extort by my friend Shelia M. Blackford, Practice Management Advisor with the Oregon State Bar Professional Liability Fund. Her tips on How to Spot a Dangerous Email and Prevention Practices are excellent, not just for ransomware, but for the whole range of email-delivered computer threats.