Information has become the currency of the economy and all of that information flows through technology these days. Cyber criminals know this and take full advantage it. Take for example, lawyers. One of the biggest security threats that lawyers face these days are scams that are directed specifically at lawyers. The reality is that the type of information that lawyers tend to hold on behalf of their clients, in terms of their own work product, is sensitive, valuable information, and therefore it’s desirable to people. Lawyers also tend, through trust accounts in particular, to hold large amounts of money at any given time, and that’s become another target that some of the scammers have gone after. They’ve been trying to access those accounts, especially through check fraud scams.
So how do you protect yourself from scams online? Well, most of these scams are coming in, at least initially, through email. So it’s really important that you have a good strategy to filter your email and make sure that you’re separating the legitimate emails from the scams and the spam. One easy way that you can do that, or a good step in that direction, is to make sure that you’re separating out your work email from your personal email. I would suggest that you try to keep your work email address, your company’s email address, or your organization’s email address, solely for work purposes. Don’t use it to sign up for movie tickets or online shopping accounts or for your personal travel. Don’t do anything like that. Try to limit that email address just to work communication. Setup a separate email address, or more than one separate email address, and use that for your personal communications. I would even suggest setting up a third account that you use just to sign up for things. So if you’re signing up for an online website and you need an email address to enter, if you’ve got a third address, that’s just going to help you separate out the email even more.
Why do we do this? Well we do it because, this way, we know that the email coming in to our work address is more likely to be legitimate, and that creates an instant filter. It’ll make the bad emails stand out more rather than coming in a flood of other spam that we’re having to go through manually. So it’s a good and simple way of protecting yourself.
Next, it’s important to make sure that you are looking carefully at the emails that do come through to make sure that there’s no obvious signs that they’re a scam. Here’s an example of an email that I pulled up that I received several years ago, but I saved, because it’s a good example of one of these scam emails. Now this sets off a lot of different alarms for me. As I look at it, the first thing I notice is the name of the company, “Epppicard,” which I’ve never heard of. I certainly don’t have an account with them. So that’s an obvious warning sign. The name of the company itself, “Epppicard,” spelled with multiple Ps, seems sort of odd. It’s nothing I’ve heard of, so that’s another alarm. I notice it’s directed to “undisclosed-recipients” rather to a specific email address. This is often the way that they mask scam emails that are sent to large numbers of people. The subject line is not terribly descriptive. It just says something that’s an urgent notice. That’s something that you’ll often see, is that these scam emails are often marked urgent or with a specific due date. They’re trying to motivate you to move quickly without giving a lot of consideration to the content.
Within the body of the email, I’m referred to as “Dear Customer” rather than by name. That’s not a dead giveaway because some of the scammers will find ways of grabbing your name and including them in the message, but it’s another sign. Throughout the email, you’ll notice that there are misspellings. There’s a lack of punctuation. There’s a general nonprofessional tone to the email, because it doesn’t read like a legitimate business email. You’ll notice other things like it tells you to call a local number or a toll free number, but if you look at the toll free number, it’s in fact not a toll free number at all.
There’s no images or graphics. It’s just a simple text email. Again, not a complete giveaway, but it’s an indication. Lot’s of different factors that add up to make me suspicious if I get this email. What I would do, if this was coming from a company that I actually did do business with, is just close the email and call the company directly. I would do this if I had some suspicion that it might be real but I wasn’t entirely sure if it was real or a scam. Don’t feel like you’re obligated to click on a link that’s in the email or call a number that’s listed in the email. In fact, you don’t want to do that. Go to the website. Make sure that you’re looking at the real customer service line and call that number.