Bogus Secretary of State Notices
Attorney General Bob Ferguson is warning of a scammer posing as the Secretary of State’s Office targeting Washington small businesses. The scam letters demand payment well beyond the cost of state business filings, and threaten business owners with fines or dissolution of their business for failing to comply. The Secretary of State has also received reports of similar telephone scams targeting Latino businesses, where they were also threatened with jail.
Since early November, the Attorney General’s Office has received at least 40 complaints about these letters, which ask for payments to be sent to “State of Washington Business Entities.”
“Scammers can be sophisticated, but don’t be fooled,” Ferguson said. “Be on the lookout for signs of a scam. If you think you’ve been the target of a scam, contact my office.”
The letters, which include the Washington state seal, are designed to look like official government communications. In addition to demanding excessive fees, they threaten late fees or penalties for failing to pay in a timely manner. One example showed a “billing summary” of more than $200 for filings that are either unnecessary or could be done directly with the Secretary of State for much less.
The letters are addressed to businesses directly and can have their Unified Business Identifier (UBI) number, making the letter appear official. However, business names and UBIs are publicly available, not confidential.
There are clues that the letter is a scam. For example, a letter shared with the Attorney General’s Office lists a Sacramento, Calif., address in its letterhead for the Washington Secretary of State, as well as a post office box in “Olympia, CA.” The QR code on the letter directs business owners to a website ending in .org, as opposed to the real Secretary of State’s website, which ends in .gov.
If you receive a letter like this, contact the Secretary of State’s office to inquire about the status of your business filings. If you have already paid after receiving a letter, consider stopping payment through your financial institution.
Anyone who believes they may be the target of a scam should file a complaint with the Attorney General’s Office.
Counterfeit Check Scam
According the FBI, a counterfeit-check scheme is targeting law firms engaged in collections work by deceptively contracting their services to ultimately defraud them. It may focus on any type of representation where a lawyer is hired to assist in the transfer or collection of money, e.g. real estate, collection matters, collaborative law agreements in family matters, etc. This scenario continues to be replayed as part of a sophisticated scam that targets collections lawyers and the scope is constantly evolving.
How the Scheme Works:
- A law firm is contacted regarding representation in an alleged debt collection matter by what appears to be a legitimate prospective client.
- The law firm agrees to help and sends a demand letter to the alleged debtor.
- The Debtor immediately agrees to pay the debt and sends what appears to be a valid cashier's check to the law firm.
- The law firm deposits the check into their client trust account and transfers the value to the Creditor via wire, less any legal fees agreed upon.
- The law firm's bank then discovers that the check is actually fraudulent and the trust account is charged back the value of the check.
- Because the wire has already been sent to the Creditor, the law firm is left to suffer the financial loss.
Variations of the Scheme
Though the structure of the scheme is primarily the same, there can be some variation regarding the reasoning for the debt and engagement of services as well as the types of fraudulent checks.
In one common scenario, the subject alleges to be collecting a debt from a family member through marriage. The debtor's name is usually something innocuous and common, likely to increase the chances of someone by that name residing in the victim's area.
In another variation, the alleged debtor is a business and the purported dispute is over a workplace injury complaint. The name of a legitimate global technology company is currently being used in this type of scheme. However, in these scenarios, the victim may be a genuine business who is themselves a victim, or a fraudulent business designed by the subject to facilitate the scheme.
Many of the cashier's checks involved in this counterfeit check scam are seemingly drawn from a genuine Canadian bank, likely increasing the time it takes to verify the validity of the check and available funds.
The creditor is also often located internationally, which is used to assist the scheme by offering justification for delayed communication and/or other excuses the subject employs throughout the scheme.
How to Protect Yourself
Be suspicious of requests or pressure to take action quickly. A number of potential victims were able to successfully identify the fraudulent check by adhering to policies which required a delay or hold on the funds until confirmation that the debtor's check had indeed cleared into their client trust accounts.
Consider additional financial security procedures, such as two-step verification or telephone calls (subjects tend to prefer written correspondence), to verify transaction details and identity information, prior to wiring funds.
Contact your financial institution immediately and request that they contact the financial institution where any wire transfer was sent to determine if it is able to be recalled or the funds frozen in the deposit account.
The FBI requests victims of an internet crime file a complaint with the Internet Crime Complaint Center at www.ic3.gov.
.Phishing. Not Your Dad's Favorite Pastime
Phishing is category of online scams. Cybercriminals use deceptive tactics to trick individuals into sharing sensitive information, such as usernames, passwords, credit card numbers, or other personal details. Often disguised as legitimate communications
from trusted entities, phishing attacks human vulnerability rather than relying solely on technical hacking skills. The schemes typically start with an email, text message, or social media post that appears to be from a reputable source like a bank,
government agency, or popular service provider. These messages often use persuasive language, invoking urgency or fear to compel immediate action.
Types of Phishing
Email Phishing. Cybercriminals send mass emails designed to appear legitimate, often addressing the recipient with vague greetings like "Dear Customer. "
To avoid being a victim, be cautious of messages with urgent or threatening language. Check the sender's email address for discrepancies. Fraudsters often use addresses that resemble legitimate ones but with subtle differences (e.g., support@amzon-service.com).
Spear Phishing. A more targeted attack, where scammers gather personal information to create a convincing, tailored message.
To avoid being a victim, watch out for suspicious links, and do not click them. Hover over links to preview the URL before clicking. Look for misspellings or unfamiliar domains in the URL.
Smishing. Phishing with SMS text messages.
To avoid being a victim, a
Vishing. Voice phishing, where attackers use phone calls to solicit sensitive details.
To avoid being a victim, verify claims from unknown callers. If a caller claims to be from a bank or service, contact the organization directly using official contact methods.
Clone Phishing. Replicating legitimate emails but swapping links or attachments with malicious ones.
To avoid being a victim, enable two-factor authentication to add an extra layer of security to your accounts by requiring a second verification step, such as a code sent to your phone. Regularly update your operating system, antivirus software, and web browsers to protect against vulnerabilities.
The fallout of a phishing attack can be devastating, leading to identity theft, financial loss, and unauthorized access to personal or professional accounts. Businesses may face data breaches, reputational harm, and regulatory fines. Stay informed about new phishing tactics and share this knowledge with friends and colleagues. Install browser extensions or email filters that detect and block phishing attempts. If you suspect phishing, report it to your email provider, company IT team, or a relevant authority like the Federal Trade Commission (FTC).
.New FTC Tool Designed to Protect Consumers
The Federal Trade Commission (FTC) in October 2020 launched ReportFraud.FTC.gov, a new consumer-friendly fraud-reporting portal that aims to better protect consumers by identifying and foiling new scams sooner. Consumers can report anything from government imposter scams to phony weight-loss claims, abusive debt collection, and deceptive auto sales, along with all sorts of unwanted phone calls, text messages, and emails. And the FTC wants to hear about them all. Read more about the new tool on WSBA's NWSidebar blog.
.Reported Fraud Schemes Affecting the Public and Legal Profession
As a service to our members and the public, the WSBA provides information about reported scams targeting lawyers, legal service providers and legal services consumers. The Bar does not have authority to investigate these scams. Fraud schemes may be reported to the Washington State Attorney General's Office, The Internet Crime Complaint Center (IC3), or Federal Trade Commission.
.Fake Lawyer Discipline Complaints
Targeted population: Lawyers in several states
What to expect: Email pretending to be from state bar with link or attachment asking lawyer to respond to a complaint. Link is ransomware and may make all data on the computer inaccessible or compromise client data until a fee is paid.
.Tax Software Update Phishing Scam
Targeted population: Tax Professionals
What to expect: Emails sent to tax professionals pretending to be from tax software company. Emails offer link to "software update, " but actually installs a key stroke tracker.
.Real Estate Wire Instructions Scams
Targeted population: Lawyers and other holding real estate transaction funds
What to expect: Email with last-minute change in escrow funds wiring instructions. Email appears to be from a person legitimately involved in the transaction, but is actually from a hacked email account. The money could be wired to the hacker's bank account.
.Jury Duty Scam
Targeted population: Lawyers and public nationwide
What to expect: Email with link or attachment or phone message demanding payment or personal information to quash an arrest warrant issued for failure to appear for jury duty.
.Court Appearance Data Scam
Targeted population: Lawyers and public nationwide
What to expect: Email with subject line "Urgent court notice NR#73230 (or another random number), " attaching a fake hearing notice. If you open the attachment, it may download a virus to your computer.
.Counterfeit Check Scam (IOLTA)
Targeted population: Lawyers
What to expect: Prospective client contacts lawyer, often for debt collection matter. Lawyer receives what appears to be valid cashier’s check from reputable bank — supposedly settlement funds from the debtor (often a real company). Or the client sends a check for more than the agreed fee. After the lawyer deposits the check, the client asks the lawyer to wire the funds, less the fee, (or refund the overpayment) to a foreign bank. The lawyer wires the funds and then learns the cashier’s check was fraudulent.
More information:
Check Fraud Scams: Be Alert to Phishing — How Not to Fall Prey
Anatomy of a Fraud from The Lawyerist
Email Scams and Lawyer Trust Accounts from ARDC
Washington State Supreme Court Clerk Scam
Targeted Population: Washington Residents with Hispanic Last Names
What to Expect: Phone call demanding money and threatening arrest. Callers pose as the Washington State Supreme Court Clerk. The Supreme Court will never threaten people with arrest or demand payment.
More Information (This article courtesy of Washington State Office of the Attorney General)
Severance Checks
Targeted Population: Lawyers
What to Expect: A prospective client sends an e-mail claiming to be a former employee of a real company who has not received a severance check. The email to the lawyer may contain attachments that could include an employment letter, termination letter, severance agreement, and an email string discussing payment of severance. The reported scams have been virtually identical, with different severance amounts. This scam is currently active during the COVID-19 emergency.
More Information:
Evolving Scams: Don't Let Your Guard Down (This article courtesy of the Oregon State Bar Professional Liability Fund)
Scammers Target Labor Lawyers (This article courtesy of the Florida Bar)
Ransomware Attacks
Targeted Population: Law Firms
What to Expect: Hackers send e-mails containing attachments that contain "ransomware." Details of the e-mails are unknown. Hackers have stolen data, threatened to release the data unless paid, and published the data on the internet.
More Information: Ransomware Attacks Hit Three Law Firms in Last 24 Hours (This article courtesy of Robert J. Ambrogi)