Be wary of phishing schemes this holiday season

In this holiday season of giving, there are agents of evil online whose mission is to trick you into involuntary “giving.”

Credit: Skórzewiak/Adobe Stock

“Phishing: A technique for attempting to acquire sensitive data through a fraudulent solicitation by e-mail in which the perpetrator masquerades as a legitimate business or reputable person.”

In this holiday season of giving, there are agents of evil out there whose mission is to trick you into involuntary “giving.” They are the phishers, who may sometimes pose as your friend, your colleague, your same area code number or a member of your family. They can be creative and insidious but, be sure, they are relentless in their efforts to pick your wallet. We all have stories of both personal and professional solicitations which are not as they seem.

You can add your own anecdotes of how you reacted to attempts to dupe you as a lawyer. For example, “You have a New Potential Client Match … Review Case Details below for free,” or such an inquiry as “If you can handle the enclosed investor agreement, please respond for details.” These kinds of solicitations may be legitimate or may be a scam.

Some recent ones of which we have become aware that were scams include: [From the firm’s managing partner] “What time will you be in today?” You reply and you are hooked.

And perhaps the most creative come-on: [Your firm] “recently sent out a phishing test to check if their users can spot phishing e-mails. You recently clicked on one of these phishing tests and have been enrolled in Remedial Training to help strengthen your cybersecurity skills. You must complete this training by [date]. To log in for your training, copy and paste the below link into your browser and navigate to the page [link]. In the future, be sure to read your e-mails more carefully to avoid falling for a simulated phishing test or a real phishing attack.”

That one seems so real that you would immediately click the link before bothering to check with your IT person, or department to verify such a benign request.

There is no perfect way to determine the legitimacy of e-mails that are not in the ordinary course of your practice. Two suggestions are: (1) maintain a healthy level of suspicion if anything seems odd or unusual about the e-mail; and (2) on an iPhone, click on the blue “Details” which will turn the sender’s name blue, then click on the blue name and the sender’s e-mail address will appear.

With good fortune and with vigilance during this giving season, you will hopefully avoid the scam that may be coming for you.

Related: