The danger of ransomware as a threat to your law practice has increased exponentially the past few weeks. You’ve heard about viruses and malware for years and, for those who have never had a data loss, it is easy to become complacent.
Recent events demonstrate how weaponized ransomware has created such a dangerous threat that responsible and cautious lawyers must act to protect both their business operations and their clients.
- Corporations, governments hit by cyberattack (dawn.com)
- Hackers strike across Europe as firms in Ukraine, Denmark and Britain hit by massive cyber attack (telegraph.co.uk)
- Explosive global attack delivers destructive Petya ransomware(helpnetsecurity.com)
- New cyberattack wallops Europe; spreads more slowly in US (stripes.com)
Director of Media Services & Public Affairs
The New York State Bar Association‘s Memorandum in Opposition to H. R. 1215 is available at: http://www.nysba.org/WorkArea/DownloadAsset.aspx?id=73713.
The Houston Bar Association has filed a lawsuit seeking to shut down a fake law firm website that is using the pictures of real lawyers in an apparent scam targeting elderly people.
In reality, the website appears to be operated from South Africa, and it uses photos of lawyers taken from real law firm websites, the suit says.
Fugitive lawyer Eric C. Conn fled the country using a fake passport and help from someone overseas who has given him a job to support himself while on the lam, Conn told the Herald-Leader in an email exchange over the weekend.
Conn, once one of the top disability attorneys in the nation, flew to a country that doesn’t have an agreement to extradite people wanted for crimes in the United States, he told the newspaper.
The IRS, state tax agencies and the tax industry today warned tax professionals to beware of phishing emails purporting to be from a tax software education provider and seeking extensive amounts of sensitive preparer data.
The email’s origin is unknown but likely issued by cybercriminals who could be operating from the U.S. or abroad. The email is unusual for the amount of sensitive preparer data that it seeks. This preparer information will enable the thieves to steal client data and file fraudulent tax returns.
The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.
All tax professionals should be aware that their e-Services credentials, the Electronic Filing Information Number (EFIN), the Preparer Tax Identification Number (PTIN) and their Centralized Authorization File (CAF) number are extremely valuable to identity thieves.Anyone handling taxpayer information has a legal obligation to protect that data.
Because the IRS, state tax agencies and the tax industry, acting in partnership as the Security Summit, are making inroads on individual tax-related identity theft, cybercriminals increasingly target tax professionals. Thieves are looking for real client data so they can better impersonate the taxpayer when filing fraudulent returns for refunds.
The fake email uses the name of a real U.S.-based preparer education firm. Here’s the text as it appears in phishing emails being sent to tax professionals: In our database, there is a failure, we need your information about your account.
In addition, we need a photo of the driver’s license, send all the data to the letter. Please do it as soon as possible, this will help us to revive the account.
*Company Name *
*EServices Username *
*EServices Password *
*EServices Pin *
*Answers to a secret question*
*EIN Number *
*Owner/Principal Name *
*Owner/Principal DOB *
*Owner/Principal SSN *
*Prior Years AGI
Mother’s Maiden Name
If you received or fell victim to the scam email, forward a copy to email@example.com. If you disclosed any credential information, contact the e-Services Help Desk to reset your password. If you disclosed information and taxpayer data was stolen, contact your local stakeholder liaison.
|With the proliferation of services to store files online (e.g. Dropbox, Google Drive, OneDrive, etc.) has come a proliferation of client software for interacting with those services. Cyberduck is a file manager that supports the most popular file storage services. It also supports common protocols like FTP, SFTP, and WebDAV. In addition, Cyberduck can make use of an external editor to provide editing of remote files (e.g., to edit a static website). Users of Amazon’s Simple Storage Service (S3) will find integrated support for the extended features of S3 like file versioning, bucket lifecycles, access control lists, and multi-part uploads. Cyberduck’s integrated support for Cryptomator encryption can encrypt files before uploading them to cloud storage for additional security. Users of multiple services may appreciate Cyberduck’s bookmarking feature. Cyberduck is available for macOS and Windows. [CRH]|