Take the Test: Will You Fall Prey to Phishing? 6 Tips for Identifying an Email Scam

Email is the driving force of communication.  Lawyers often receive over 100 emails a day.  It can be easy to overlook potential scams hidden in your inbox.  Hopefully, your firm has the proper security protocols in place: spam servers, anti-virus servers, and malware detection to name a few.  However, hackers are getting more sophisticated and fraudulent emails can slip through the cracks.  

Do you have what it takes to spot a fraudulent email? Let us put your keen eye to the test.  Take a minute to review the email below.  There are at least ten signs of a fraudulent email. How many can you catch?



Grammar and spelling errors are the number-one telltale sign of a fraudulent email.  Usually fraudulent emails originate in other countries and the translation of words often results in numerous grammatical and spelling errors.  See the errors highlighted in yellow below:


If you receive an email with an attachment, ask yourself the following questions before opening it – Are you expecting an email from opposing counsel? If so, are you expecting an attachment from them? If you have not talked to this person in a while, or the case settled two years ago and you do not expect them to be sending you any documents, it is probably a scam.

If there is a zip file attached to the email, be extra careful. Zip files are a convenient way to package together numerous files, but can be very dangerous. They are dangerous because they cannot be scanned through anti-virus programs. If you unzip the attachment, the intruder is in. Then, without you knowing, emails will be sent to all your contacts, in the hopes that one of them will click on a link in the email, or open the attachment/zip file. When one of your contacts gets an email from “you” and opens the attachment or clicks on the link, they have now downloaded the virus/executable. The virus then continues to travel, now having access to all of their contacts.

A good rule of thumb is, if you receive a “suspicious” email with attachments, one that does not look or feel right, it probably is not right.  The best thing to do is delete it and contact the sender via telephone to let them know of the suspicious email you received.  Ninety-nine percent of the time, your contact will confirm it was fraudulent.


If an email contains a link to click on, think twice before you click. Without clicking on it, hover over the link first and you will see the actual address this link will take you to if you click on it.  It may not be the site you were expecting. Without your knowledge, that link could lead you to a site where you could download a dangerous virus/executable.  In the example below, notice that the link is going to, which is clearly not the State Bar’s website.


No matter how real an email looks, a reputable company will never ask for personal information via email.  If an email asks you to provide sensitive personal information, it is probably bogus. Remember, it is never secure to send any personal information over email without email encryption software.  If you think the email you have received is from a legitimate company and they ask you to click on a link to access their secure site, close the email, go directly to the company’s official website, confirm the site is secure, log in, and continue your business from there. 


Every email address contains a domain.  For example, the name you see may be of an attorney you personally know, but the domain name is not the firm they work for (see below).  This is called spoofing, meaning it appears to be from someone you know, when in reality it is not.  Always check the email address details of the sender.  If it is a reputable company, it will come from that company’s domain name.

The email below looks like it is from the State Bar, but when you look at the details, you see [email protected].  The domain is not State Bar – it is actually from


Unfortunately, disasters or tragedies are often breeding grounds for bogus emails.  Be careful of emails requesting donations to assist those affected by the most recent disaster.  It may be fraud and you may be providing your financial account information to a deceitful organization.  If you wish to give, go directly to the official, secure website of the organization, and donate safely.

Even with security steps in place, it is almost impossible to be 100% secure.  As new technology evolves, so do new scams to get around the new technology.  It is important to educate your employees on what to look out for because the majority of viruses are “allowed” in when end users do “something” to allow the virus to access the network.  Educating your employees often about how to recognize the signs of fraudulent emails is the first step in stopping the crimes from occurring.