New “Google.docs” Email Phishing Scam Alert: Don’t Trust The Sender of “Important Documents” Link Even If You Know Him

From: [Trusted Lawyer/Colleague]

Sent: Tuesday, March 18, 2014 6:20 AM
Subject: Important Document

Hello, 
Please view the document I uploaded for you using Google docs. CLICK HERE. And sign in with your personal email to view the document is very important. 

Regards.

[Trusted Lawyer/Colleague] 

If you or anyone in your office has received an unsolicited email similar to this, it is almost certainly an email scammer who is “phishing” for someone who will click on the link in the document.  If you happen to click on the link, it may seem like nothing happens.  You might think it is a dead link and forget about it or decide that you are too busy to follow up with the sender.  Or it may take you to an actual Google.docs page that asks you to sign in.  However, by clicking on the link or signing in on the Google.docs page you may have unwittingly allowed a Trojan virus to download to your machine that will allow hackers to gain access to your email account, computer, and perhaps even your server.  The hackers will now be able to read your email correspondence, looking for private, personal identifying information like social security numbers and credit card information of you or your clients.  The hackers may also monitor your ongoing email correspondence looking for keywords that will alert them to opportunities to scam you, your bank, or your email contacts.

The original email you receive is especially tantalizing because the supposed sender of the email is usually someone with whom you have had email correspondence in the past, oftentimes a fellow attorney you know and trust. Instead, the only reason you got this email is because the email account of that person has been hacked, and the hackers are now using his email contacts in an effort to spread their “phishing” expedition.  Also, if you have exchanged electronic documents with that attorney by email in the past, the invitation in the email to get the “very important” document form the Google.docs link may dupe you into thinking that the email is legitimate.

Just in the past week, claims attorneys at Lawyers Mutual have received two emails, purportedly from a couple of North Carolina attorneys, asking the recipient to open the “important documents” link.  We immediately recognized the scams and contacted those attorneys to let them know that it appeared that their email accounts had been hacked.  We have also assisted another attorney after hackers used this same scheme to hack her email account and subsequently send phony instructions to her bank to wire funds out of her trust account.

If you unwittingly click on the link and subsequently realize that you have been hacked, Giovanni Masucci, the President of National Digital Forensics, Inc., in Raleigh, advises that you should immediately shutdown your machine and disconnect it from the network.  You should then get your IT person to run an anti-virus scan on the machine to detect whether it has been infected.  You will also want to change the password to your email account or close it down entirely.  Masucci also says that it is very important not to rely on “free” anti-virus programs.  Instead you need to have licensed versions of Symantec, Norton or similar anti-virus programs that you always keep updated.  Similarly, you need to always update your firewalls and office operating systems such as Microsoft Office and Java.  If you believe you have been hacked by this or a similar scheme, you may also call Lawyers Mutual to see if we can help and then consider whether you will need to contact the appropriate law enforcement authorities and take steps to inform your clients that their personal identifying information may have been compromised.

Warren Savage is a claims attorney with Lawyers Mutual. Warren spends his days counseling lawyers on litigation and appellate practice issues and advising on practice management and ethics conundrums. Contact Warren at 800.662.8843 or warren@lawyersmutualnc.com.