The New Zealand Law Society is again warning lawyers and law firm staff to think twice before clicking on attachments in emails sent to them.
The warning has been prompted by appearance of an email which uses the name of a genuine employee in a genuine and reputable law firm and which asks recipients to access an attached document.
The email has been sent by fraudsters who have hacked into the law firm's email system. The "document" link almost certainly links to malware. The format of the email is that of all emails sent by the law firm. Anyone clicking on the "attachment" runs the risk of infecting their computer or IT system.
The text of the email is short and to-the-point:
Please Refer to the enclosed document for your kind reference
[Name of genuine lawyer]
Questions to ask
The New Zealand Law Society's internal email policy contains some useful questions which should be asked about every incoming email:
Who is sending me this email? Can you be sure that it is in fact the person known to you who is emailing you? The email from the law firm above is a good example of one which may seem genuine on the face of it. However, look for any unusual style in how the email is phrased or in how they address you. The uncommon greeting in the text above, and the strange use of language and capitals in "Please Refer to the enclosed document for your kind reference" should immediately raise suspicions.
Unknown person: If the email address looks unusual (not the case in the example above as it uses the firm's email addresses) but purports to be from a lawyer, check them out on the Register of Lawyers. Call them using the phone number given. If purporting to be from a non-lawyer, check that the email address matches the company name or other details.
Why are they contacting me? If from someone you know, does it refer to a matter you are familiar with? If you are unsure, personal contact by phone (an email runs the risk of being intercepted by the fraudsters) is highly recommended. If you do not know the person, why are they sending you something "out of the blue" with little explanation?
Either contact the sender personally by phone or reply to the email stating that you do not open attachments without some further information about the contents. Ask for detail about what the attachment is and what matter it refers to. Ask for a contact phone number.