Federal Courts Issue Nationwide Alert: Attorneys Targeted by CM/ECF Phishing Scam
1
0
This Wednesday, November 6th, U.S. federal courts sent out a public alert warning attorneys nationwide to be cautious of a surge of scam emails arising.
It seems that the federal courts are not the only ones focused on spreading the word on this update, as district courts all across the nation are equally hard at work, with the most noticeable alerts online being seen from the district courts of Florida and even Indiana as well.
The reports further label the main culprit of this sudden rise to be emails that are disguised to look like official emails from the federal Judiciary’s Case Management/Electronic Case Files (CM/ECF). What the CM/ECF is supposed to do in reality is be a system used by attorneys as a method of filing a multitude of documents such as motions, petitions, or pleadings with the courts.
How the phishing email operates, as per an example by the Southern District of Florida, is to notify unsuspecting recipients of a filing that was submitted to the court, and state that the reader has a deadline to respond to the said filing. Where the main “phishing” part of this email comes from is through the files attached to the email, which is supposedly the filing, but in reality, is a link that grabs information from the user’s device, which could range from social security numbers to bank information and credit card numbers.
While it may seem like common sense to carefully check the email before clicking on any links, these emails entice attorneys to click on links by giving them an immediate deadline, urging them to act fast on whatever proceeding they are describing. The IT Security Office shares this same reasoning for the Administrative Office of the U.S. Courts in the public alert, which states, “ the fake Notices of Electronic Filing prompt recipients to reply immediately”.
The alert provides ways to be more keen-eyed for these fraudulent emails, such as notifying attorneys to be sure to always validate case numbers and documentation through their local CM/ECF systems before clicking on any suspicious links or documents. The Northern District of Indiana extends, stating that people will only be served with court documents electronically if they are actively involved in a federal court case and have opted in for electronic notifications.
It is currently unknown how many people have been affected by these emails, as there has not been an official report on this yet, however, given the fact that the federal courts had to intervene and put out a warning, it can be assumed that this event may have had many detrimental impacts for law firms in all regions.
This incident goes to show two different things about the law world. One, it strengthens the constant reminder of how important and intertwined cybersecurity is to the legal world, with risks of leaking crucial information from the firm network happening regularly, and two, even lawyers, notorious for reading into every detail, can still fall for the oldest trick in the digital book.