The danger of ransomware as a threat to your law practice has increased exponentially the past few weeks. You’ve heard about viruses and malware for years and, for those who have never had a data loss, it is easy to become complacent.
Recent events demonstrate how weaponized ransomware has created such a dangerous threat that responsible and cautious lawyers must act to protect both their business operations and their clients.
- Corporations, governments hit by cyberattack (dawn.com)
- Hackers strike across Europe as firms in Ukraine, Denmark and Britain hit by massive cyber attack (telegraph.co.uk)
- Explosive global attack delivers destructive Petya ransomware(helpnetsecurity.com)
- New cyberattack wallops Europe; spreads more slowly in US (stripes.com)
Director of Media Services & Public Affairs
The New York State Bar Association‘s Memorandum in Opposition to H. R. 1215 is available at: http://www.nysba.org/WorkArea/DownloadAsset.aspx?id=73713.
The Houston Bar Association has filed a lawsuit seeking to shut down a fake law firm website that is using the pictures of real lawyers in an apparent scam targeting elderly people.
In reality, the website appears to be operated from South Africa, and it uses photos of lawyers taken from real law firm websites, the suit says.
Fugitive lawyer Eric C. Conn fled the country using a fake passport and help from someone overseas who has given him a job to support himself while on the lam, Conn told the Herald-Leader in an email exchange over the weekend.
Conn, once one of the top disability attorneys in the nation, flew to a country that doesn’t have an agreement to extradite people wanted for crimes in the United States, he told the newspaper.
The IRS, state tax agencies and the tax industry today warned tax professionals to beware of phishing emails purporting to be from a tax software education provider and seeking extensive amounts of sensitive preparer data.
The email’s origin is unknown but likely issued by cybercriminals who could be operating from the U.S. or abroad. The email is unusual for the amount of sensitive preparer data that it seeks. This preparer information will enable the thieves to steal client data and file fraudulent tax returns.
The IRS reminds all tax professionals that legitimate businesses and organizations never ask for usernames, passwords or sensitive data via email. Nor should a preparer ever provide such sensitive information via email if asked.
All tax professionals should be aware that their e-Services credentials, the Electronic Filing Information Number (EFIN), the Preparer Tax Identification Number (PTIN) and their Centralized Authorization File (CAF) number are extremely valuable to identity thieves.Anyone handling taxpayer information has a legal obligation to protect that data.
Because the IRS, state tax agencies and the tax industry, acting in partnership as the Security Summit, are making inroads on individual tax-related identity theft, cybercriminals increasingly target tax professionals. Thieves are looking for real client data so they can better impersonate the taxpayer when filing fraudulent returns for refunds.
The fake email uses the name of a real U.S.-based preparer education firm. Here’s the text as it appears in phishing emails being sent to tax professionals: In our database, there is a failure, we need your information about your account.
In addition, we need a photo of the driver’s license, send all the data to the letter. Please do it as soon as possible, this will help us to revive the account.
*Company Name *
*EServices Username *
*EServices Password *
*EServices Pin *
*Answers to a secret question*
*EIN Number *
*Owner/Principal Name *
*Owner/Principal DOB *
*Owner/Principal SSN *
*Prior Years AGI
Mother’s Maiden Name
If you received or fell victim to the scam email, forward a copy to firstname.lastname@example.org. If you disclosed any credential information, contact the e-Services Help Desk to reset your password. If you disclosed information and taxpayer data was stolen, contact your local stakeholder liaison.
|With the proliferation of services to store files online (e.g. Dropbox, Google Drive, OneDrive, etc.) has come a proliferation of client software for interacting with those services. Cyberduck is a file manager that supports the most popular file storage services. It also supports common protocols like FTP, SFTP, and WebDAV. In addition, Cyberduck can make use of an external editor to provide editing of remote files (e.g., to edit a static website). Users of Amazon’s Simple Storage Service (S3) will find integrated support for the extended features of S3 like file versioning, bucket lifecycles, access control lists, and multi-part uploads. Cyberduck’s integrated support for Cryptomator encryption can encrypt files before uploading them to cloud storage for additional security. Users of multiple services may appreciate Cyberduck’s bookmarking feature. Cyberduck is available for macOS and Windows. [CRH]|
The idea is one of several under consideration as the U.S. Judicial Conference considers the impact of disclosure, the Wall Street Journal (sub. req.) reports.
A recent survey (PDF) of federal judges, prosecutors, defenders and probation offices by the Federal Judicial Center found that nearly 700 witnesses and informants perceived as snitches had been threatened, wounded or killed over a three year period.
U.S. District Judge Lewis Kaplan of Manhattan told the U.S. Judicial Conference’s criminal rules committee in April that PACER is part of the problem, according to the Wall Street Journal account. Though federal inmates don’t have PACER access, they often get information from others.
“Anonymous remote public access to PACER is a source of much of the information that gets into prisons about who is cooperating,” Kaplan said.
New Phone Scam Involves Bogus Certified Letters
Beware of a new scam linked to the Electronic Federal Tax Payment System (EFTPS), in which fraudsters call to demand an immediate tax payment through a prepaid debit card. This scam is being reported across the country.
The Internal Revenue Service today warned people to beware of a new scam linked to the Electronic Federal Tax Payment System (EFTPS), where fraudsters call to demand an immediate tax payment through a prepaid debit card. This scam is being reported across the country, so taxpayers should be alert to the details.
In the latest twist, the scammer claims to be from the IRS and tells the victim about two certified letters purportedly sent to the taxpayer in the mail but returned as undeliverable. The scam artist then threatens arrest if a payment is not made through a prepaid debit card. The scammer also tells the victim that the card is linked to the EFTPS system when, in fact, it is entirely controlled by the scammer. The victim is also warned not to contact their tax preparer, an attorney or their local IRS office until after the tax payment is made.
“This is a new twist to an old scam,” said IRS Commissioner John Koskinen. “Just because tax season is over, scams and schemes do not take the summer off. People should stay vigilant against IRS impersonation scams. People should remember that the first contact they receive from IRS will not be through a random, threatening phone call.”