Paying Attention to the Fraud Behind the Curtain: Don't Get Fooled by Spoofed Email Addresses

  • October 29, 2019
  • Shawn Erker

As a common target of fraudsters, lawyers and law firms must be vigilant about email spoofing and phishing schemes, in which fraudsters send fabricated emails purporting to be from a trusted colleague or third party in an effort to trick a lawyer or staff member into clicking on a dangerous link or downloading a dangerous attachment. These fraudulent schemes continue to evolve as lawyers and firms become aware of various red flags and danger signs.

The following is a summary of a spear phishing attempt directed at an Ontario law firm, and six tips on how lawyers can protect themselves from such online fraudsters.

A true story of one firm’s close call during an attempted fraud

It began with multiple members of the firm—staff and lawyers—receiving an email, ostensibly from the firm’s receptionist. The address of the sender, as displayed in the “From” line of the email, was an exact duplication of the receptionist’s work address—it contained no misspellings or other obvious signs of being a spoof. The body of the email simply said “please see attached invoice,” and contained an attachment labeled “invoice.”