By Julie Bays, OBA Management Assistance Program Director

I recently heard from a local attorney who discovered her email address was being spoofed. Other Oklahoma lawyers began receiving messages that looked like they came from her, with subject lines like, “Here’s the attachment I wanted to share with you.” Hopefully, no one clicked on the attachment.

This type of scam is becoming more common. Cybercriminals know that lawyers are more likely to open emails from other members of the Bar. By impersonating a familiar name, they create a false sense of trust that can lead to stolen credentials or malware.

If you receive an unexpected email from another lawyer, especially one that contains an attachment or link, pause before opening it. Here are a few ways to protect yourself and your firm:

• Hover before you click. Check the sender’s full email address. Spoofed addresses often contain subtle misspellings or extra characters.
• Verify directly. If something seems off, pick up the phone or send a new message (not a reply) to confirm the lawyer actually sent it.
• Don’t download attachments or click links unless you’re expecting them.
• Report the attempt. Let your IT provider or firm administrator know immediately so they can block the domain or take other preventive steps.
• Educate your staff. A quick reminder at a staff meeting can prevent a data breach.

Incidents like this highlight the importance of staying up to date with technology and its potential risks within the legal profession. Understanding how email spoofing works, and ensuring your team can spot it, helps safeguard sensitive client information and reinforces your commitment to professional standards.

If your address is ever spoofed, notify your contacts and local Bar associations so others are aware. Even the most tech-savvy lawyers can be targets. A moment’s hesitation before clicking can save hours of cleanup later.