Cyberattacks Against Lawyers Are Growing More Sophisticated, Officials Warn "You are no longer dealing in an age of the Nigerian Prince scam," Doss said. "Artificial intelligence models are currently being trained, for good and for bad, to make emails and other communications resemble exactly what you would expect." The speakers described four threat scenarios based on FBI warnings and real insurance claims. The first scenario involved the Silent Ransom Group, flagged by the FBI in 2025. This group sends fake invoices or account alerts to prompt callbacks. When the target responds, the criminals use the opportunity to deliver a malicious link or software, gaining remote access to the firm's systems. The second scenario exploits two-factor authentication. Callers impersonate banks or vendors and pressure attorneys or staff into clicking links or sharing credentials, thereby intercepting authentication codes to reset passwords and access financial accounts. The third scenario is a fake client scheme. A caller poses as a prospective client, agrees to any retainer, sends a check, and then quickly requests a refund before the check clears. This leaves the firm out of funds and exposes its bank routing and account numbers. The fourth scenario, based on the 2025 California case Thomas v. Corbyn Restaurant Development Corp., involved criminals who spoofed a law firm's email address by altering two letters and redirected a $475,000 settlement wire to themselves. The defense firm, which missed several red flags, including a changed phone number and a switch from checks to wire payments, was held liable for the full amount under a court rule known as the imposter rule. by Texas Lawyer |