DEPARTMENTS
LAW OFFICE TECHNOLOGY
Tales from the Inbox
BY JEFFREY ALLEN
I
have spent a fair amount of
time writing about avoiding
the risks associated with open-
ing strange emails and exposing
yourself to having the bad guys
get access to your data and confi-
dential information. I have had a
number of people ask me to write
an article discussing some of the
more common scams and how to
Jeffrey Allen is the principal
of Graves & Allen, a small firm in
Oakland, California, that, since 1973,
has emphasized negotiation, struc-
turing, and documentation of real
estate acquisitions, loans and other
business transactions, receiverships,
related litigation, and bankruptcy.
He also works extensively as an arbi-
trator and a mediator. He is editor-
in-chief of GPSolo magazine and
the GPSolo eReport and serves on
the Board of Editors of Experience
Magazine. He also served as a mem-
ber of the Board of Editors of the
ABA Journal. Allen has served as a
member of and liaison to the ABA
Standing Committee on Technology
and Information Services. Allen
regularly presents at substantive law
and technology-oriented programs
for attorneys and writes for several
legal trade magazines. In addition
to being licensed as an attorney in
California, he has been admitted as
a Solicitor of the Supreme Court of
England and Wales. He is an asso-
ciate professor at California State
University
evaluate whether you are being
scammed. Given the severity of
the problem, I decided that could
prove a topic of interest to many
of you, so here goes.
RECENT NEWS ACCOUNTS
Just to put things into a bit of
perspective, as I read the news-
papers the other day, two arti-
cles caught my attention. One
of them appeared in the San
Francisco Chronicle, reporting that
the LeakedSource Web site had
reported that it has a cache of 33
million Twitter records, includ-
ing passwords. The article noted
that Twitter denied that its sys-
tems had been breached and sug-
gested that the information had,
most likely, come from malware-
infected browsers that captured
the information and transmit-
ted it to hackers. (SF Chronicle,
6/10/16, page C-1). The other
article appeared in the Wall Street
Journal, bylined to Nicole Hong,
and reported that two individu-
als entered not-guilty pleas to
charges in federal court that they
had broken into computer net-
works of a dozen companies,
including J.P. Morgan Chase &
Company, as part of a global net-
work of criminal activity. Other
companies allegedly involved
included: E-Trade Financial Corp,
Scot-trade, Inc. and Dow Jones &
Co. (WSJ 6/10/16 page C-1).
196
Interestingly, the next day’s
Chronicle contained an article
titled “They’re Hacking People-
Not Systems,” bylined to Sean
Sposito. This article recounted
the story of a young woman
who works for a tech startup
and was victimized by a phony
text message purportedly from
Google. Are you beginning to
see a pattern here? The article
reported that the text message,
logo included, advised her that
her Gmail account was com-
promised. It told her that her
account logged in from an unfa-
miliar location and that if she
had not done that, she should
respond with a security code that
Google would send her. When
she did that, the hijacker gained
control over her email account,
allowing access to any previ-
ous emails and any confidential
information they contained. The
article goes on to say that over
the course of the next several
days, the young woman fought
with the hijackers for control of
the account in a war that saw the
password changed 11 times by
the woman before she regained
control of the account. The arti-
cle also noted that some of her
friends had similar issues in the
same time frame. The article,
which references this approach as
“social engineering,” reports that
Google refers to this as “manual
hijacking”. (SF Chronicle, 6/11/16
page D-1.) With a tip of the hat

to Gertrude Stein and a nod to
Shakespeare, a scam by any other
name is a scam, is a scam, is a
scam!
SCAMS, SCAMS, SCAMS
I have titled this piece “Tales
from the Inbox,” as I intend to
focus primarily upon examples
of the work of the bad guys that
appears in the form of emails. I
have collected a number of exam-
ples from my own inbox and will
explore them with you to help
you understand how they are
suspicious and why you should
stay away from such emails
should they appear in your inbox.
Her account logged in from
an unfamiliar location.
I will not bother with the
legion of emails that I have
received (and that I suspect many
of you have received) offering
to sell various drugs for erectile
dysfunction at discounts. By the
way, if you are a person of the
female persuasion and happen to
get them, don’t feel like the Lone
Ranger. I know many women
who have received such emails.
Whether they are selling what
they claim to is something I do
not know. Nor is it something I
will explore. I would rather pay
more and get my prescriptions
filled by a pharmacy that I know
is regulated than from a facility
in another country where I have
no such confidence.
I will also skip the many
emails that seem to go around
(again to men and women) offer-
ing to get you fixed up with a
bride from Russia or from (pick
a country, any country). Those
are too obviously scams to fool
anyone reading this column.
The scam can play out a number
of different ways, none of them
good. The “bride” may simply
want to try to get money from
you to pay to bring her over here
to marry you (odds are she will
never show up, and you will
never see the money again). On
the other hand, it may well be an
immigration scam to try to get
someone into the United States.
The scams come in the form
of email purporting to be from
stores, banks, politicians, admin-
istrators in foreign governmental
posts, and even in the form of
posers as officers of foreign com-
panies looking for legal represen-
tation. Many of them present a
highly amateurish approach, oth-
ers, however, are fairly sophis-
ticated. We will look at some
examples of both.
Phony Web Sites
Many of the bad guys have
gone to the trouble of setting up
phony Web sites to try to pass
them off as legitimate. Most of
the scams seek to obtain access
to credit or bank accounts. Often
they purport to come from banks,
sometimes from stores. For
example, yesterday I received a
legitimate looking email purport-
ing to be from Macy’s telling me
that I needed to reset my pass-
word or they would cut off my
account. The email had a Macy’s
logo and appeared for all pur-
poses to be from Macy’s. If you
click on the enclosed link it takes
you to a Web site that appears to
be Macy’s and asks you to reset
your password by first provid-
ing your current password and
then typing the new password. It
looked very real and represents a
sophisticated approach to email
scamming. It would have been
TALES FROM THE INBOX 197
easy to fall for this one, but for
one small detail: I have no-online
relationship with Macy’s to reset.
That fact made it clear to me
that, no matter how legitimate it
may look, the email represented
a scam. Undoubtedly the bad
guys sent it to any number of
addresses, anticipating that some
would have Macy’s accounts and
that some of those people would
fall for the request and provide
their passwords to the hackers.
An Amateurish Recent
Example
Now let’s look at a far more
amateurish approach. The other
day I received an email purport-
ing to be from Janet L. Yellen.
If that name sounds familiar
to you, it should; she chairs
the Board of Governors of the
Federal Reserve System. That
email read as follows:
Mrs. Janet L. Yellen
Reply-To: Donald Mcgrath
Tracking number: 6823350549
Dear customer.
This is to notify you that your
Recompense fund as approved
by the Federal Reserve Bank
have been transformed into an
atm card and mailed already to
you. Because we did not receive
a confirmation of your mailing
address before the dispatch took
place, it was mailed to a counter-
part here in USA whom volun-
tarily agreed to receive it on your
behalf through DHL after paying
your mailing fee. Below are the
tracking details:
DHL Website: www. dhl.com
Tracking number: 6823350549
Note that the delivery had
been on transit but only arrived a
198 AMERICAN JOURNAL OF FAMILY LAW
while ago. You’re to contact him
and let him have your mailing
address where he shall mail the
card to. Kindly note that you’re
to refund him the $158 which
he paid on your behalf before
the mailing took place for him
to mail the card to you. Send
the fee of $158 to them via this
below information. You are to
use below information to send
the required $155 through money
gram or Wal-Mart to Wal-Mart
transfer to proceed the transfer
process immediately.
Receiver Name: Emeline
Faulkner.
Country: United states of
America
City: Roseburg Oregon.
Amount, $158 only
You can call us or text SMS
this number (762) 278-0239
Contact him through the email:
(donaldmcgrath331@deliveryman.
com) and call them this phone
number +1 (762) 278-0239. His
name is Mr. Donald McGrath and
his wife is Faulkner McGrath.
You must thank them very much
since they saved you from losing
this recompense tam card worth
$4.7million united state dollars
which was almost canceled as a
result of your negligence.
Let them tell you how to send
them back their refund of $158
and make sure you send it to
them so that they will mail your
card to you.
Confirm receipt of this email.
Regards,
Mrs. Janet L. Yellen
While it is certainly suspi-
cious that Janet L. Yellen would
send an email on such a subject,
or that anyone would be send-
ing me recompense of $4.7 mil-
lion for anything, those were
only the first clues that this was
a scam. I had several other rea-
sons to know that the email
was a scam. By clicking on the
name “Janet L. Yellen” at the
top of the email, I got the email
address for the so-called Janet L.
Yellen. It was “westernindustrial@
andinanet.net”. Nothing about
that address suggests that it
really came from Janet L. Yellen
or from the Federal Reserve
Board. Whenever I see a situa-
tion like that, I presume that the
email is not legitimate. Although
that approach is not foolproof, it
can identify phony notices. Other
things that put me on notice of
something rotten in the inbox
include: the unusual sentence
structure, the many instances of
bad grammar, and the inconsis-
tency in the text. These are not
foolproof as, occasionally, even
the best of us makes a gram-
mar error. It is, however, highly
unlikely that the real Janet Yellen
would have sent an email as
badly structured grammatically
as the one quoted.
Attorneys as Targets
Not surprisingly, I have
encountered some examples
of scams designed specifically
to prey on attorneys. Because
most of the people who read
this column practice law, I will
talk about some of those scams.
I recently received an inquiry
through my law office Web site
asking if my firm handled breach
of contract litigation, which,
of course, we do. In fact, any-
one who looked at the Web site
would have known we handled
such matters. Despite the fact
that the inquiry came through
my firm Web site and not as part
of an email directed to “undis-
closed recipients,” I was some-
what suspicious of it. I had it
in mind that I would write this
article, so I elected to do some-
thing I would not normally do
in a suspicious circumstance: I
responded to the inquiry. I sim-
ply emailed back that we han-
dled that type of matter. The
response that came back shortly
after my email asked me to pro-
vide terms of representation and
information as to the firm’s bill-
ing practices. The hacker also
asked for a copy of my represen-
tation agreement.
She fought with the hijackers
for control of her account.
Continuing my game of cat
and mouse, I told them our bill-
ing practices, my hourly rates,
and the amount of a deposit
we would require. I also sent
them a copy of the form of our
representation agreement, but
not on letterhead and water-
marked as a “SAMPLE” to pre-
vent them from making any use
of it. They responded by send-
ing me an email telling me they
wanted to hire our firm and ask-
ing for information about our
bank account so that they could
wire transfer funds to it. They
also sent documentation that
included what purported to be
a contract, invoices, and sev-
eral pieces of correspondence.
Nothing about the documenta-
tion appeared phony, but I was
still pretty sure it was a scam. As
a result, I did not want to pro-
vide our banking information,
so I simply responded that they
should send a check to us. They
did not like that very much and

pushed for the banking informa-
tion. When I would not provide
it they changed their tactics.
I got an email from them tell-
ing me that they had notified the
buyer under the contract that
my office represented them and
that we were preparing litigation
against them. The email told me
that the prospective defendant
had caved completely and would
be sending me a cashier’s check
for the balance owed under the
contract (an amount in the low
six-figure range). Sure enough,
the next day, we received what
appeared for all purposes to be
a cashier’s check from the buyer.
The check was payable to our
office. Presumably the tactic
would be to have us deposit it in
our trust account and write the
scammer a check to transfer the
money.
Keep software current;
updates may address
security issues.
Still confident that this was a
scam, I had my assistant take the
check to the local branch of the
bank, and they confirmed that
the check was not legitimate. I
sent an email to the scammer
saying that they had no authority
to send an email to anyone claim-
ing we represented them, unless
and until we did. I also advised
them that we had received the
so-called check and that it was
fraudulent. I never heard from
them again.
This approach is not uncom-
mon. I have had numerous rep-
etitions of the initial letter from
a variety of companies in many
locations, almost all of which are
outside of the United States. I have
not played cat and mouse with
the others, as I thought one was
enough for this article. I have oper-
ated under the assumption that all
were fraudulent, in part because of
the fact they repeat almost verba-
tim the opening salvo.
There are many other types
of email scams out there, and
any effort to discuss all of them
would require a book, not just an
article. I wrote this to give you
some insight into the nature of
some of the issues that you face
due to the increasingly common
use of the Internet and email by
all of us. I do not write it to sug-
gest that you should not use
these facilities any more than I
would suggest that you should
not drive because a car can be a
deadly weapon. Rather I write
to urge you to use these facilities
with great care, just as I would
advise you to drive carefully and
defensively.
SOME RULES TO PRACTICE
Some of the rules you should
practice:
• Keep your software cur-
rent as updates often
address security issues.
TALES FROM THE INBOX 199
• Do not open emails from
unknown sources.
• If you get an email asking
you to reset your password
or to log into an Internet
account, be careful. Do not
use any link provided in
the email; odds favor link-
ing to a phony site. Instead
log directly into the Web
site of the company and
work from there.
• If you get an email you do
not expect with an attach-
ment, do not open the
attachment, as it might con-
tain malware that can infect
and perhaps even take con-
trol of your computer.
If you have never heard of
The United States Computer
Emergency Readiness Team
(US-CERT), it is a branch of
the Office of Cybersecurity
and Communications’ National
Cybersecurity and Communi-
cations Integration Center. Its
job is to analyze and endeavor
to reduce cyber threats and vul-
nerabilities, disseminating cyber
threat warning information, and
coordinating incident response
activities. They wrote a very use-
ful piece on this subject titled
“Recognizing and Avoiding
Email Scams.” I recommend
that you get a copy and read it.
You can find it online at https://
www.us-cert.gov/sites/default/files/
publications/emailscams_0905.pdf,
(last accessed October 16, 2016).
Copyright of American Journal of Family Law is the property of Aspen Publishers Inc. and its
content may not be copied or emailed to multiple sites or posted to a listserv without the
copyright holder's express written permission. However, users may print, download, or email
articles for individual use.