"AvoidAClaim" Blog

LAWPRO's blog helps you avoid legal malpractice claims

Protecting Yourself from Cybercrime Dangers: Lock Down and Protect Your Data Wherever it Is

April 16, 2014 By: TimLemieux Category: Fraud prevention


Cybercrime dangers are many, complex and ever-changing. Hardly a day goes by without another news report of a data breach or other cyber-related scam or theft. Cyber criminals have considerable resources and expertise, and can cause significant damage to their targets. Cyber criminals specifically target law firms as law firms regularly have funds in their trust accounts and client data that is often very valuable. LAWPRO encourages all law firms to make dedicated and ongoing efforts to identify and understand their potential cybercrime vulnerabilities, and to take steps to reduce their exposure to cyber-related dangers. This article, from the December 2013 issue of LAWPRO Magazine, reviews the specific cybercrime dangers law firms need to be concerned about, and how they can mitigate their risks.

Long gone are the days when you had to worry about a single file folder that held all the documents for a particular matter, which you could easily secure by keeping it locked in a file cabinet. Today, client data can exist in electronic form in many different places inside and outside your office. You need to know where that data exists, who can access it, and what steps should be taken to secure and protect it from cyber criminals.

Physical access to servers, routers and phone switches
Protecting your server(s) and other key telecommunications equipment such as phone switches and routers starts with physical security. Intruders who have physical access to a server can get direct access to files and data on the server’s hard drives, enabling them to extract the usernames and passwords of every user on the system, destroy data, or give themselves a backdoor for accessing the server remotely. Even curious employees who want to change settings can unintentionally cause serious problems. Put your servers and other key telecommunications equipment in a locked room to protect them from unauthorized access. Be cautious about any wall jacks for your network in unsecured areas of your office.

Access to devices on startup
To protect the information on them, and the information on any network they connect to, every computer, tablet and smartphone should be configured to require a password at startup. Devices without a startup password allow free and unfettered access to anyone who turns them on.

Better yet, in addition to a startup password, consider encrypting the data on devices. Passwords will prevent the average person from accessing your device, but can be bypassed by people with greater expertise. Encryption will make information on devices far more secure. The operating systems on some devices have built-in encryption capabilities or you can install third party encryption programs or apps.

Put a password on your screensaver
Activating a password-protected screensaver is a simple and very effective way to prevent an unauthorized person from rifling through the data on a computer or other device that’s been inadvertently left on. All versions of Windows and Apple operating systems allow you to add a password to a screensaver. Remember to log out of any applications containing sensitive data and lock your screen when you leave your desk, or set a fairly short wait time on your screensaver so that it locks automatically if you step away. BlackBerry, Android, iOS and Windows mobile devices also have an automatic screenlocking feature.

Access across a network
Almost every law office has a computer network with one or more central servers. Client and firm information can be stored on these servers, making it accessible to everyone in the office. To better protect information from unauthorized access, take time to understand what information is stored on your network servers, and who has access to that information.

“Network shares” make folders available and visible across a network. “Permissions” control what people can do with the data in a folder. Someone with “full access” can create, change or delete a file, whereas someone with “read only” access can open and copy a file, but not delete it. Segment your data and set appropriate access levels (e.g., public, sensitive, very private) so that access to sensitive information is limited or prevented. Remember that privacy legislation requires that you limit access to some types of personal information (e.g., financial and health-related data) on a need-to-know basis.

Restricting access to more sensitive data can help protect it in the event your network is hacked or an unhappy employee with bad intentions goes looking for data. Your desktop or laptop computer can act like a server in some cases, and content on your hard drive could be shared and accessible to someone across a network or through the Internet. To prevent this from happening, you need to make sure that file and printer sharing is turned off on your computer.


Breach of franchise agreement scam using the name Junya Suzuki

April 16, 2014 By: FraudInfo Category: Confirmed frauds

An Ontario lawyer notified us that they have been contacted by the purported Junya Suzuki with regards to retaining their services to collect on breach of a franchise agreement.

This is a bad cheque scam (similar to those alleging a breach of an IP or copyright agreement) that presents as a legal matter requiring the assistance of a lawyer. In this scam, lawyers will be duped into wiring real funds from their trust accounts after depositing a fake cheque received as payment from the party in breach of the agreement (who is also part of the fraud). See our Confirmed Fraud Page for more of an explanation of how these frauds work and to see other names associated with it. Our Fraud Fact Sheet lists the red flags of a bogus legal matter that is really a fraud.

Here is the initial email from the fraudster to the lawyer:


Message from Junya Suzuki suzukijunya8@gmail.com on Wed, 16 Apr 2014 10:46:53 -0500 —–
To:
Subject: GoodMorning


We had a franchise agreement with a company in your district and the agreement has been executed and now defaulted.
We would like to retain you to resolve this matter.
If you are interested please advise us on your initial retainer fee and we shall forward you the agreement
for you review.
Yours Sincerely,

Junya Suzuki


LAWPRO Magazine archives: Social media pitfalls to avoid

April 15, 2014 By: TimLemieux Category: Law Practice Management, Technology

Although social media sites offer lawyers many interesting new ways to interact with people in both personal and work spheres, there are some risks associated with using them. Some of these risks are obvious, some are not.

Before they venture into social networking, lawyers should consider Section 5.5 of the Law Society’s Practice Management Guideline on Technology (“Technology Guideline”). It states, “Lawyers should have a reasonable understanding of the technologies used in their practice or should have access to someone who has such understanding.”

This article, from the December 2009 “Social Media” edition of LAWPRO Magazine, will help you understand some of the dangers inherent in the use of social networking tools, and help you more safely exploit the great marketing opportunities they offer.

Commercial debt collection scam using the names Richard Tena and Smart Service Electric

April 15, 2014 By: FraudInfo Category: Confirmed frauds

An Ontario firm notified us that they received an email from the purported Richard Tena of Smart Service Electric looking to retain them with regards to a commercial debt collection.

This is a classic bad cheque scam that presents as a legal matter requiring the assistance of a lawyer. In this scam, lawyers will be duped into wiring real funds from their trust accounts after depositing a fake cheque received as payment from the debtor (who is part of the fraud). See our Confirmed Fraud Page for more of an explanation of how these frauds work and to see other names associated with it. Our Fraud Fact Sheet lists the red flags of a bogus legal matter that is really a fraud.

Here is the initial contact email sent by the fraudster to the lawyer:

From: Richard Tena [mailto:tenarichard4@gmail.com]
Sent: April-12-14 8:58 PM
To: undisclosed-recipients:
Subject: Dear Counsel

Dear Counsel,
Smart Service Electric an electrical company in Arizona needs your help to
collect debt in your jurisdiction. Please get back to me via email/telephone
and I shall give you details as soon as you reply.

Richard Tena
President
Smart Service Electric
1522 W Todd Dr
Tempe, AZ 85283
602 753 0613
tenarichard4@gmail.com


Business loan collection scam using the name Albert Dan

April 15, 2014 By: FraudInfo Category: Confirmed frauds

Two Ontario firms notified us that they received an email from the purported Albert Dan looking to retain them with regards to a breach of a business loan agreement.

This is a classic bad cheque scam that presents as a legal matter requiring the assistance of a lawyer. In this scam, lawyers will be duped into wiring real funds from their trust accounts after depositing a fake cheque received as payment from the debtor (who is part of the fraud). See our Confirmed Fraud Page for more of an explanation of how these frauds work and other names associated with it, and our Fraud Fact Sheet for a list of the red flags of a bogus legal matter that is really a fraud.

Here is the initial contact email sent by the fraudster to the lawyer, and subsequent reply:

From: Albert Dan zailaharuya1@gmail.com
To: undisclosed-recipients:;
Date: 15/04/2014 02:39 AM
Subject: YOUR LEGAL ASSISTANCE NEEDED…

Hello,

Haven gone through your profile, I believe you will be able to help
me. I borrowed money to my in-law who has paid me only 20 percent of
the money and has refused to pay me the balance so I want legal action
to be taken. Your urgent assistance will be highly appreciated. Send
your reply to my alternative email: danalbert22@outlook.com

I await your response.

Regards
Mr Albert Dan

Replying to the email brought this response:

Sorry for the delay in responding to your email, it’s as a result of my failing health. I lent to my son In-law Mr. Nathaniel Smith the sum of $570,000; He needed this loan to complete/facilitate payment & purchase of building machinery and equipment. My son in-law currently resides in your city and also has a private residential property there at which the loan was secured. The loan was for 2 years and interest rate of 8.5%. The capital and interest were supposed to be paid on before the 6th of August 2013 but has only paid $114,000 and has continued promising to make the balance payment each time I ask.

I reside in Japan but receiving treatment in the UK. I do not know when best to call you to set up a consultation due to the time differences between my location and yours. Please feel free to ring me via +447509756715 any time. I have known him for over 5 years prior to granting him the loan. I am in constant contact with him and even though He has promised to pay the balance, I think the threat or possibility of litigation would serve as a catalyst to make him pay soon. Find attached the Loan Agreement and my passport.

I expect this to be a non-litigation collection from the borrower but I am prepared to litigate this matter if He is not ready to pay the balance owed. This loan is not in dispute. The present economic down turn has been cited by him as the reason for delayed payment. He has continually requested for more time, however I strongly believe that the introduction of legal pressure may initiate immediate payment from him. I will deeply appreciate if you can assist me as I need the money to settle a lot of bills including medical bills.

I know there is a lawyer-client retainer fee that may be paid in the process of the exercise, pending your conditions. Kindly, send me an engagement letter so that we can proceed with this issue with him. I want to also let you know that my illness have caused some strain in my finance as I am currently leaving on dialysis. I am open to either an hourly or contingency fee basis. Please advice which works better for you. Please do forward me your retainer agreement and your terms for my review.

Hope to hear from you.

Best Regards
Mr. Albert Dan
albertdandanalbert@outlook.com
+81368908562
6-23, Aoyama 6-chome, Minato-ku, Tokyo, Japan


In the Lending Library: Locked Down: Information Security for Lawyers

April 14, 2014 By: TimLemieux Category: Law Practice Management, Legal technology, Risk management strategies, Technology

In the paper world, keeping client data confidential was easy and cheap. In the digital world, it’s difficult and expensive, and the job is never truly done.

The authors of Locked Down (Sharon D. Nelson, David G. Reis and John W. Simek) believe that law firms are not doing enough to protect electronic client data. The reason for this is a combination of ignorance of the IT world, expense and a belief that “it can’t happen to us”. As a result, law firms are being specifically targeted by hackers who consider them easy pickings.

This book is an attempt to explain the wide variety of information security risks facing law firms and how lawyers can best protect their data, whether they have a large budget or small. It covers such topics as:

  • creating secure passwords
  • working securely from laptops and smartphones
  • developing information security checklists for your firm
  • protecting mobile devices from theft

This is good reading to go along with practicePRO’s Managing the Security and Privacy of Electronic Data in a Law Office.

The practicePRO Lending Library is a free resource for Ontario lawyers of more than 100 books on a wide variety of law practice management related topics. You can see a full listing of our books here. You may borrow a book in person or via e-mail.

The practicePRO Library is located in our office at 250 Yonge Street, Suite 3101 in Toronto and can be visited during our regular business hours (Mon to Fri, 8:30 to 5:00). We invite you to come by anytime to peruse our selection. All titles in the practicePRO Lending Library can be shipped to Ontario lawyers at our expense, and returned at yours after three weeks.

If you would like to borrow this or any other book please email us. Most of our titles are also available from the ABA Web Store or the major booksellers here in Canada.

Protecting Yourself from Cybercrime Dangers: Stump Hackers by Changing Key Default Settings

April 14, 2014 By: TimLemieux Category: Fraud prevention


Changing the default settings for the hardware and software used in your office is another critical step in safeguarding the security of your data and protecting yourself from cybercrime. This is probably the most technical of the steps outlined in this article and you may need expert help.

Every computer operating system, program, and app, and every piece of hardware has certain preset or default settings. These are necessary to make them operate out of the box in a consistent manner that the vendor and user will expect.

However, these default settings are common knowledge (and if you don’t know them, you can find them with Google in about five seconds), and hackers can use them to compromise a network, computer or other device. For example, if the administrator account on a computer is named “Administrator” (it frequently is), a cyber criminal only has to work on figuring out the password to hack into a system or device. If you change the name of the Administrator account to something different, your computer is much safer as the hacker has to work much harder to figure out both the name of the administrator account and its password.

You can make your systems much safer by changing the following key default settings:

  • administrator account names
  • server names
  • network or workgroup names
  • ports (change to non-standard ports and close standard ports that you don’t use)
  • standard share names


Commercial debt collection scam using the names Mark Kondziola and Kondo Machine Tool LLC

April 14, 2014 By: FraudInfo Category: Confirmed frauds

Two Ontario firms notified us that they received an email from the purported Mark Kondziola of Kondo Machine Tool LLC looking to retain them with regards to a commercial debt collection.

This is a classic bad cheque scam that presents as a legal matter requiring the assistance of a lawyer. In this scam, lawyers will be duped into wiring real funds from their trust accounts after depositing a fake cheque received as payment from the debtor (who is part of the fraud). See our Confirmed Fraud Page for more of an explanation of how these frauds work and to see other names associated with it. Our Fraud Fact Sheet lists the red flags of a bogus legal matter that is really a fraud.

Here is the initial contact email sent by the fraudster to the lawyer:

From: KONDO MACHINE TOOL LLC. [mailto:wolfgang1st@verizon.net]
Sent: April-11-14 10:22 AM
To: Undisclosed recipients:
Subject:

Dear Counsel,
I wish to request for your legal services and possible representation on a legal matter involving a client in your jurisdiction. Please,do let me know if your office is currently accepting new clients.
Sincerely,
Mark Kondziola.
Owner,
KONDO MACHINE TOOL LLC.
4451 Ace Commercial Court
Bay City, MI 48706.


Protecting Yourself from Cybercrime Dangers: Keep the Bad Guys Out With a Firewall On Your Internet Connection

April 11, 2014 By: TimLemieux Category: Fraud prevention


When you are connected to the Internet, the Internet is connected to you. For computers to transmit data back and forth over the Internet, lines of communication must be established. These communications work through “ports” that are opened on each computer. The problem is that all the computers on the Internet can see one another, and these ports can allow unauthorized people to access the data on a computer and even take control of it.

Regardless of how your office connects to the Internet, your computer systems must be protected by a firewall – a type of electronic gatekeeper that ensures all incoming and outgoing communications are legitimate. A firewall watches these ports and will warn you about or prevent unauthorized communications.

Firewalls come in two varieties: software and hardware. Software firewalls are easier to set up, usually protect a single computer, and are adequate for personal or small firm use. Hardware firewalls are usually used to protect an entire network of computers. The more recent versions of both the Windows and Mac operating systems have a built-in firewall that you should enable. High-speed modems generally include a basic firewall. If you are using remote access software, you should consider using a hardware firewall to better protect the ports that must be opened for the remote access software to work.
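An added example, not part of the original LAWPRO article: one way to see which ports a computer is actually listening on, as a check for the firewall review above and for the "close standard ports that you don't use" step in the default-settings post. It assumes the text output of `netstat -an` on Windows or Linux; the sample lines, the `allowed_ports` set and all function names are constructed for illustration.

```python
import ipaddress

# Default port numbers of some common services (well-known assignments).
STANDARD_PORTS = {
    21: "FTP", 22: "SSH", 23: "Telnet", 135: "Windows RPC",
    139: "NetBIOS file/printer sharing",
    445: "SMB file/printer sharing", 3389: "Remote Desktop",
}

# Constructed sample: Windows-style `netstat -an` lines followed by two
# Linux-style lines, so both column layouts are exercised.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5939         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED
  TCP    [::]:445               [::]:0                 LISTENING
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
"""


def _split_host_port(local):
    """Split '0.0.0.0:445', '[::]:445' or ':::22' into (host, port)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and any zone id
    return host, int(port)                 # ValueError if not host:port


def _is_loopback(host):
    """True when only programs on this same machine can reach the port."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # '*' or a name: assume reachable from the network


def parse_listeners(netstat_text):
    """Return the set of (host, port) pairs in a TCP listening state."""
    listeners = set()
    for line in netstat_text.splitlines():
        tokens = line.split()
        # The state column is LISTENING (Windows) or LISTEN (Linux); the
        # local address is always two columns before it.
        idx = next((i for i, t in enumerate(tokens)
                    if t.startswith("LISTEN")), None)
        if idx is None or idx < 2:
            continue
        try:
            listeners.add(_split_host_port(tokens[idx - 2]))
        except ValueError:
            continue  # unrecognised address format (e.g. macOS '*.22')
    return listeners


def audit_listeners(netstat_text, allowed_ports):
    """List (port, service) for network-reachable ports not on the allow list."""
    findings = {}
    for host, port in parse_listeners(netstat_text):
        if _is_loopback(host) or port in allowed_ports:
            continue
        findings[port] = STANDARD_PORTS.get(port, "unrecognised service")
    return sorted(findings.items())


if __name__ == "__main__":
    # Assumption: this office uses only Remote Desktop for remote access.
    for port, service in audit_listeners(SAMPLE_NETSTAT, {3389}):
        print(f"port {port} ({service}) is open but not on the allow list")
```

Each port reported is a candidate to close on the computer or block at the firewall; ports bound only to 127.0.0.1 or ::1 are skipped because other machines cannot reach them.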


Separation agreement scam using the name Farah Dae-du

April 11, 2014 By: FraudInfo Category: Confirmed frauds

Lawyers in Ontario, Washington state and Illinois notified us that they received an email from the purported Farah Dae-du looking to retain them with regard to collecting overdue payments resulting from a separation agreement.

This is a classic bad cheque scam that presents as a legal matter requiring the assistance of a lawyer. In this scam, lawyers will be duped into wiring real funds from their trust accounts after depositing a fake cheque received as payment from the debtor (who is part of the fraud). See our Confirmed Fraud Page for more of an explanation of how these frauds work and to see other names associated with it. Our Fraud Fact Sheet lists the red flags of a bogus legal matter that is really a fraud.

Here is the initial email sent by the fraudster to the lawyer:

From: Farah Dae-Du [mailto:farah.dae-du@hotmail.com]
Sent: Thursday, April 10, 2014 8:14 AM
Subject: I NEED AN URGENT LEGAL ASSISTANCE

Dear Counsel,

I wish to file a case against my ex-husband for failure to fulfill court ordered payments of Child Support, Spousal Support, Equitable Distribution and Medical Support in our separation agreement. Kindly respond to confirm your readiness to assist so i can furnish you with more details.

I will also need a referral email or link if this is not your field of practice.

I am earnestly await your reply.

Warmest Regards,

Ms Farah.
