We are all familiar with the Nigerian scams, and can usually spot a scam however our office was recently “probed” by a very sophisticated scam.

First of all, the email correspondence was well written, no typos, bad grammar, etc. It came from an Asian company with a link to their website in the email. The company really existed. They wanted us to collect debt from a Hawaii company that really exists and the connection between the two companies made sense (one manufactures an item that the local company installs) The BIG hook was that they used the NAME OF AN ATTORNEY FORMERLY ASSOCIATED WITH OUR FIRM AS A REFERRAL!! Unfortunately, this attorney received a cold call and was asked for the name of a Hawaii law firm that could help them and he did indeed give them our name.

The scammers hook the attorney into an attorney/client relationship (thus barring you from reporting them), then request funds to be sent immediately upon receipt of funds from the local company. (you get a check from the local company for “amounts due”, you deposit it, then wire the funds out before making sure the local check has cleared) Attorneys on the mainland have had hundreds of thousands stolen from their IOLTA accounts.
Things that should set off alarm bells:

1. The urgency of acting quickly. You must do due diligence.
2. Client wanting funds before checks deposited have cleared your IOLTA account;
3. When a logical referral name is used, check with the referral source about the legitimacy of the referral.
4. They make excuses that they cannot find a convenient time to talk on the phone, they strictly stick to email correspondence.
5. The email is different from the company email.

Make sure your attorneys do not make referrals to cold callers, let the HSBA referral line do that.

We have had a staff meeting regarding this latest development so everyone in the firm is aware. I have attached some info to supplement any staff meeting you wish to have.

lawyers targeted.pdf

The bad guys are especially savvy at giving you what you expect.  If you’re expecting a rebate check, you may receive an email about claiming your check.  Or if you’re a PayPal user, you may receive an email about your PayPal account and the need to ‘update your records by clicking here.’

In both cases, the emails contained payloads which – if you clicked on the links – quietly installed viruses on your computer.

The latest scam uses the same kind of social engineering tactics.  Instead of an email, the cybercriminals will send you a fairly official looking pop-up which says,

“WARNING! Viruses detected on your computer.  Click OK to remove.”

If you click OK, you risk getting infected, let alone being conned into buy software which doesn’t work.

If you see one of those messages and you’re not sure if it’s legitimate, you should NOT click on anything on that pop-up, including the ‘X’ in the top, right-hand corner.

Everything from the ‘Yes’ to the ‘No’ to the ‘X’ in the top right corner may contain  a payload of malicious software.  Your computer risks infection just by clicking on anything in that warning message.

Instead, do this:  Alt + F4.

In other words, to close the window, hold down the Alt key and hit F4.

So how bad is rogue security software?  Fake antispyware and antivirus programs have been around for a few years now, but we’ve noticed more computers coming in with this problem.  We are now so conditioned to keep our computers clean, we respond almost automatically to any urgent requests to remove viruses.  The bad guys know this, hence the ‘scareware.’

For a growing list of fake programs masquerading as the real thing, go here: http://en.wikipedia.org/wiki/Rogue_software

Be careful of wolves in sheep’s clothing.

The Problem:
Have your seen this email?

“I received a telephone call last evening from an individual identifying himself as an AT&T Service technician who was conducting a test on telephone lines. He stated that to complete the test I should touch nine(9), zero(0), the pound sign (#), and then hang up.

Luckily, I was suspicious and refused.

Upon contacting the telephone company, I was informed that by pushing 90#, you give the requesting individual full access to your telephone line, which enables them to place long distance calls billed to your home phone number.

I was further informed that this scam has been originating from many local jails/prisons I have also verified this information with UCB Telecom,Pacific Bell, MCI, Bell Atlantic and GTE. Please beware.

DO NOT press 90# for ANYONE.

The GTE Security Department requested that I share this information with EVERYONE I KNOW.

After checking with Verizon they said it was true, so do not dial (9),zero(0), the pound sign # and hang up for anyone.

PLEASE HIT THAT FORWARD BUTTON AND PASS THIS ON TO EVERYONE YOU KNOW.”

Is it true? By pushing 90# on my landline, am I really relinquishing access to my phone?

The Solution:
Hacking, cracking, freaking, phishing, spoofing…. There’s so much to worry about these days when using the internet it’s surprising we hop online at all!

Fortunately, it doesn’t take much to be relatively safe. Of course, you’ll need to safeguard your computer with the usual prescription: firewall, antivirus solution, antispyware solution, updates, etc. When it comes to questionable e-mails like the one above, you will also need a good dose of skepticism.

The internet is full of lies. Just take a look at some of the stuff making it into your inbox. A lot simply aren’t true.

When you see something that seems a little over the top, take a moment and check its validity before forwarding it to your friends and family. A good place to start is TruthOrFiction.com, where you can check out everything from urban legends to pleas for help. To see what they have to say about the above email, go to their website and search on ‘90#’. (You didn’t think I will divulge the answer here, did you?!)

Other useful sites for questionable e-mails are:

HoaxBusters
Snopes
Break the Chain

All of them make for great reading. Enjoy!

A worm is a self-replicating virus that does not alter files but resides in active memory and duplicates itself.

Worms use parts of an operating system that are automatic and usually invisible to the user.

It is common for worms to be noticed only when their uncontrolled replication consumes system resources, slowing or halting other tasks.

What Is A Trojan Horse?

Trojan horses are malicious programs disguised as something benign. They’ve been known to pose as games, utilities, and email attachments. Once opened, Trojan horses act much differently than you expect. Some merely annoy, sending emails to everyone in your address book. Others do serious damage, to the point of stealing passwords and data files. Unlike viruses, Trojan horses are not self-replicating.

Active Trojan horses are an advanced type of Trojan horse. They use unprotected ports to open lines of communication with your computer, and they can ultimately give hackers control over your machine. Active Trojan horses are also called Remote Access Trojans.