White Collar Crime News

Lawyers are victims and targets in identity theft scam February 3, 2009

Identity theft scam targets lawyers

I’ve been getting email from various Hong Kong based businesses asking for me to represent them here in the U.S. Seeing as I primarily handle criminal defense and family law, it was pretty clear that this was a scam so I deleted it. However, I recently got an email from a Seattle based attorney Thomas S. (last name redacted) who wanted to refer me a client who lives in the U.K. that has a matter where I practice law, even though New Jersey wasn’t mentioned specifically. While he asked me to contact his client directly, he provided a US based phone number if I had any questions for him. I googled his name and he is a real attorney. So is this attorney trying to scam me or is this legit?

Neither actually. While Thomas S. is a real Seattle based attorney from reputable law firm, his identity has been stolen and used by thieves from out of the country. I noticed his email is different than the one that emailed me so I forwarded the message to his real email address. He indicated that he has already contacted law enforcement but they refuse to help him because there is little they can do when the thieves are overseas.

As an identity theft assistance attorney, spotting the scam was rather easy for me. For one, an attorney that I never spoke with emailed me a referral for an area of law the I don’t practice. In addition, the grammar was very bad to the point where it was clear that the person sending the message is not a native English speaker. Finally, the client was located in another country and the attorney told me to call the client rather than call him to discuss the case.

Using the identity of a real attorney is a very interesting take on an old scam. It shows that the thieves are changing tactics as the American public has learned how to spot their scams. Using google to confirm the identity of anyone that sends you a business proposal is a must. A quick google search here revealed that while Thomas S is real, he had a different email address and phone number. Thieves are more likely to use a disposable email address like gmail or yahoo instead of hacking into the victim’s real email address.

If the grammar was better and the thief sent this email to an attorney that actually practiced this area of the law, the scam has potential to be successful. Using this “introduction” from a US based attorney adds legitimacy to the alleged client. Furthermore, nothing in the email indicates that you are required to send any money to anyone. In fact, it appears that you will receive money from this new client. All you have to do is call or email. What’s the harm in that?

That is called the “foot in the door” approach to a scam. The thief builds your trust slowly as you take little steps. You are given additional smaller tasks that do not require you to send money. In fact, they will indicate that this will be a very profitable client. Thus, when you are asked to send money, it is not that far of a leap from what you have already done and the trust you have already built up. The delete button is all you need to avoid becoming a victim of this scam.

Thomas S. was most likely targeted because he was a Seattle attorney. While the phone number used in the email is a Seattle based phone number, it is a free voicemail number issued by International Telecom Ltd through their K7.net service. When you call the number, you receive a generic recording instructing you to send your fax now or leave a message.

There is little you can do to prevent a thief from using your name to perpetrate one of these scams. However, there is action you can take if someone informs you that your name is being used in one of these scams. First, you should contact law enforcement and get a report regardless of whether or not they plan to help you. Second, you should work to shut down all email addresses contained in the message. In the message I received there were three: one of the attorney, one of the client and one for an assistant to the attorney. All email addresses were from a free service. To shut these down, type the service used (i.e. gmail, yahoo, etc.) followed by “report abuse” into google. That will quickly lead to the page where you can report the abuse. The email address should be shut down fairly quickly.

You should next work to shut down the phone number (assuming it is based in the US). To determine the company that services that phone number, go to http://www.fonefinder.com. Type the number into the box at the top of the page and click search by number. This free service will then provide you with all of the information regarding this number including the company you will need to contact. If no link is provided, you will have to type the company name into google. You can then call that company and get that number shut down. While the thieves can always get new email addresses and phone numbers, you will quickly make it clear to them that you are on to their scam and they should probably move on to someone else.