by Sheila Blackford ©2010
Despite the lazy days of summer, scammers never rest. Neither should we when it comes to protecting our clients’ and our own personal information. In the June 21, 2010 Lawyers USA Online article by Nora Tooher, “Online bandits pilfer client trust account,” we learned about the risks of online banking from the experience of Florida solo attorney Kimberly Graus, who had $35,254 stolen from her trust account in May. “A computer forensics expert Graus hired said the hackers probably accessed her passwords through a virus hidden in an email.”
Despite heat from a hot day or from frantic activity to get everything done so you can generate cash flow to pay expenses, pay attention to securing the information you are entrusted with to avoid the painful, too-late-now refrain: What was I thinking??! To help you shore up your defenses against scammers, here are five tips that can be put into action:
1. Security on your computer. Scary stories abound about malware like Trojans getting onto your computer. Earlier we were unnerved to hear about the Zeus Trojan, which managed to steal one million dollars from UK bank accounts. How to protect yourself from malware? Get a good security program onto your computer, update it regularly, and do the recommended scans. Your bank’s online banking site may be protected while your own computer is infected with a Trojan that is recording your information and sending it to a remote site. Make sure your computer’s security program is engaged – read the instructions and watch those symbols in your computer tray – you may discover your security program’s logo has a red “X” indicating that it is disabled. Here are CNET reviews of three popular programs that you may want to put onto your review list: Kaspersky Internet Security 2010; McAfee Total Protection 2010; and Norton Internet Security 2010.
2. Watch what you download. Last month, Mozilla found out that there was an “unauthorized” Firefox application called “Mozilla Sniffer” that was downloaded 1,800 times at the site “addons.mozilla.org.” The “Mozilla Sniffer” intercepted log-in data and forwarded it to a remote server. One would assume that what is downloaded at “addons.mozilla.org” would be authorized and safe. Apparently not. Read the story on CNET here. Moral of the story: be careful and double-check what you download. You may be downloading something entirely different than what you’ve been “promised.”
3. Adopt safe passwords. We’re asked for so many passwords these days that some of us are becoming disingenuous, using one password everywhere, including as our ATM code. You should stop using the same password everywhere. Not all websites requesting passwords are adequately protected, and there may be something lurking that captures your password and the history of the websites you’ve visited. Don’t make it easy for someone to have your single “Key to the Kingdom.” Get a password protection program. Password Safe, from Bruce Schneier, a well-respected cryptography expert, is a free Windows password-storage tool: you only have to remember the one master password to access your personal password list. Download Password Safe 3.23 from CNET as well as read their editor’s review here.
My fellow PMA, Dee Crocker, is a big fan of RoboForm’s new web-based password protector, RoboForm Online. You can download a free trial here. The license is $29.95 for your desktop or laptop, one license per computer. You can even allow RoboForm and many other password protection applications to generate random passwords for your various sites.
If you use more than one computer, you might want to invest in a USB password protector like YubiKey which can be found here. You can get it for $25 in black or white. I don’t care about the color; just send the key. I confess to being impressed that I can customize it to include two of the three options: 1. 44 character one time pass code; 2. OATH 6 or 8 digit one time password; or 3. 1-44 character static pass code.
Adopt a safe password. Have a “strong” but easy-to-remember password, or you might forget it. Depending on the site, you should follow directions to create a mix of upper and lower case letters, numbers, and symbols. Some people are having better luck remembering a “pass phrase” that is meaningful to them. Idea: “My billable rate is $250 per hour!” would translate to the following pass phrase: “Mbri$250!” and don’t forget to mix things up for other sites, like online retail sites – “I love to buy books for under $10 from Amazon.”
4. Think twice before engaging in online banking with your clients’ money in your lawyer trust account. Many of us enjoy online banking with our personal bank accounts and even our business accounts. Lawyers owe a fiduciary duty to their clients to protect the property they have been entrusted with: money held in the lawyer’s trust account on behalf of the client. Many banks do not allow online transactions involving a lawyer’s trust account. If your bank does allow them, it may be time for a change in procedure.
5. Become aware of current scams such as counterfeit cashier’s checks. Difficult financial times have lulled some lawyers into letting down their guard when accepting new work from “unknown” clients. Typically, a prospective client overseas, seeking legal representation in a civil matter shortly before a legal holiday, sends a cashier’s check in excess of the anticipated fee and then hurries the lawyer to refund the overpayment. The lawyer finds out after the holiday that the cashier’s check is counterfeit and that the overpayment refunded to the client has depleted funds belonging to the lawyer’s other clients. Watch for the next PLF InBrief newsletter for my article about these scams. Meanwhile, read Jim Calloway’s excellent article, “Why ‘The Check is in the Mail’ Isn’t Always a Good Thing,” in the July/August issue of Law Practice Magazine here.