A Scam by Any Name
While in Florida on a family trip to the New York Mets’ spring training facility in March, Todd Higgins suddenly found himself con-sumed by a series of e-mails on his BlackBerry.
The first one questioned a copyright suit his firm supposedly filed on behalf of a Polish music company, Lumberton Trading. Higgins, a New York City IP lawyer, had never heard of the company. As the weekend wore on, his BlackBerry kept alerting him to more e-mails about the lawsuit that his firm, Crosby & Higgins, supposedly had filed on behalf of Lumberton.
“We launched an internal investigation with our [Internet] provider, and I confirmed that it was a spoofing e-mail that had been made to look like it came from our firm, but clearly it had not,” Higgins says. An attachment, labeled as the complaint, was actually a virus. “At that point,” he adds, “I knew it was about to become a crisis.”
During the next four days his six-lawyer firm received nearly 500 e-mails about the lawsuit, Higgins estimates.
In response, the firm put a notice on its website warning about the e-mails. When that didn’t help, the firm put up a “splash page”—an introductory first page—over its webpage detailing what happened. “The thing about this scam that’s noteworthy is that people are conditioned to take legal issues far more seriously than other things,” says Higgins. He notes that while the e-mail did seem somewhat suspicious—it’s addressed “To whom it may concern,” the word infringement is misspelled, and there’s no mention of a specific court—people needed confirmation it was a hoax.
After Higgins thought his firm was done with the virus, they began to receive mutated versions of it; this time the “client” name had changed.
Thankfully he adds, most recipients’ anti-virus software prevented them from opening the attachment and no real damage was done.
Nonetheless, “if we don’t have confidence in the legality of the communications we receive, that’s a major threat,” says Higgins, who uses e-mail to communicate with clients, file papers and receive court notifications.
Crosby & Higgins, it turns out, was one of the latest victims of a growing number of e-mail viruses and scams targeting lawyers and their clients.
Earlier this year, six Hawaiian law firms were targeted in another e-mail scam, according to a U.S. Department of Justice alert. The firms, according to the DOJ statement, were contacted by “prospective clients overseas” who were seeking legal representation. The firms received retainers in cashier’s checks for far more than what was due. When the law firms inquired what to do with the difference, the senders asked that the money be sent to them via wire transfer to South Korea, Taiwan and Canada. The law firms deposited the cashier’s checks and made the transfers before learning that the checks were counterfeit. Collectively, those firms lost more than $500,000.
According to the FBI’s Honolulu office, the scam is common, but this could be the first time it was used to target law firms. “I think most attorneys are smart enough to just delete these e-mails, or regard them with suspicion,” says FBI Special Agent Thomas Simon.
Some people, he adds, find it funny that lawyers are getting scammed.
“I remind people that while we all like to have a good laugh at attorneys occasionally,” Simon says, “they deserve to be treated as crime victims, just like anyone else.”