August 14, 2018
I received an e-mail late last Friday afternoon. It was the end of the week and the end of the day, and truth be told, I was trying to get out of the office for the weekend. The e-mail came from a firm client, was sent with “High Importance,” and included the following text: “I sent you a secured Confidential Letter via Microsoft. Let me know if you have any question.”
Admittedly, something less than perfect grammar. But the e-mail address and signature block were spot-on matches, and few of us are absolutely typo-free when firing off e-mails, especially when things are time-sensitive. Our firm occasionally receives correspondence or other files encrypted using Microsoft products, so this was nothing out of the ordinary. So, I have to admit, I opened up the attachment, which included a link to an alleged Microsoft site to “retrieve my document.” Thankfully, at this point, I’m thinking “scam,” and I called the client directly after confirming his phone number separately from the one listed on the e-mail, which also matched. The client had indeed been hacked.
Although we had heard of scams whereby law firms were receiving infected PDF “resumes” from alleged law students looking for clerkships or jobs, those can be avoided or at least viewed with a healthy dose of skepticism before you go down the rabbit hole. However, this is a whole different kind of tricky.
As service provider for highly sophisticated purchasers of legal services and one that prides itself on being extremely responsive, it was tempting to just start clicking after receiving a fairly slick e-mail coming directly from our client’s e-mail address that was marked “High Importance.” And late on a Friday afternoon, I was not far removed from going one click too far.
So be careful out there! If something seems off, it probably is. Pick up the phone and actually call your client. They’ll probably be happy you did. Certainly happier than the phone call where you tell them that your computer system has been hacked and their confidential information may now be at risk.
RegitzMauck PLLC is an intellectual property boutique based in Dallas, Texas. The firm focuses on providing value-based legal services to cost-conscious clients seeking high-quality legal representation in intellectual property, cybersecurity, and data privacy matters and disputes.