Table of Contents
Lawyers: Be Aware of these Scams and Tricks!
Scammers and tricksters are attacking lawyers everyday but with a little bit of education, you can avoid making costly mistakes. Learn about some of the most common scams that we help lawyers avoid and be prepared to avoid others in the future.
[00:00:00.000] – Patrick Carver
Happy to have you with us for another episode of the Optimized Law Firm podcast. My name is Patrick Carver. I’m the owner of Constellation Marketing. Super happy to have you with us for another episode of the cast. Of course, this is where we help you run a more profitable and enjoyable law firm. This one is interesting. It’s a little bit different than what we normally talk about on this podcast, but this realm of questions does come up to me fairly often from clients that we are providing marketing services for and figured it would be good to talk about it. The topic for today is going to be all about scams and tricks that are out there, particularly in the internet marketing world, that you might be susceptible to, that you are probably going to see out there. You want to be aware and educated on what’s out there so that you can avoid them, avoid making costly mistakes, and avoid losing control of your website or other digital assets. Welcome, again. It is a pleasure to be with you. I’m going to talk first about why this is an important issue, some of the bigger picture consequences and reasons why you want to be focused on this.
[00:01:30.330] – Patrick Carver
Then I’ll go through a couple of the most common scams and tricks that I see out there that I get asked about pretty frequently. Let’s dive in and talk about why this is an important issue. If you are, if you have a pulse, you probably have felt the impact of there’s more scams, there’s more activity out there happening right now that is people trying to fraudulently get access or get money from you as an individual or from your law firm. With the expansion of low cost, really high level technology tools like AI, email marketing, things like that. There’s just been this renaissance and flood of people out there who are able to dispatch or distribute these types of scams for very little money. A lot of times these scams originate in other countries. There’s not really a good way to go about holding someone accountable for something like this, doing an investigation. There’s really a low barrier to entry for these types of scams because you can get just a couple of people and you’re going to get a return on investment. There are a number of scams and schemes that go into this bucket.
Common scams and schemes in the internet marketing world
[00:03:08.420] – Patrick Carver
I’m not going to get into any of the ones that deal with a prince in another country or some of these traditional phone scams that you hear about. And they’ve gone in and are often targeting elderly, advanced age people to get them on and make them think that they’ve made some big mistake and have to go to the bank and give them money, or they’re going to be in trouble or go to jail or something like that. Those obviously exist out there. The impact of these is also the same. There’s potential for financial loss. I think one of the more challenging, even beyond financial loss, is potentially losing access to your data by getting involved with one of these scams. I’ll talk about it specifically, but they often come via email. You click on a file or you start to engage with somebody, often via email, and they are going to have a couple of different aims. Number one, they probably want to get money out of you one way or the other. So they want you to either hand it over by thinking that you were giving money paying for a service or something that is really not what you’re paying for.
[00:04:33.050] – Patrick Carver
Or you can potentially click on something, click on a file, and it’s going to initiate some malware or some trojan horse where they then are going to take control of your assets, your computer, and either use that to steal financial information, passwords, access to your bank accounts, all sorts of different stuff can happen through there, or take over control of your website or other things like that and force you to pay a ransom. There’s been what feels like a lot of ransomware attacks over the past year or two, often dealing with police stations, different public services where it really is a big problem if they go offline and they don’t have control over their digital resources. And so this is happening. You’ve probably heard about some of the more higher profile incidents that have affected public resources, public organizations, and government offices. But it’s also happening on a smaller level as well. And so there’s a variety of these types of scams that are out there. But just because you are a smaller or solo law firm does not mean that you are not going to be subjected to some of these scams. And it’s interesting.
Scams involving email and fraudulent activities
[00:06:03.320] – Patrick Carver
Just prior to launching this podcast and talking about it, my wife came in and showed me an email with a scam email trying to get her to connect, saying that, Hey, you owe X amount of money. You have this delayed invoice and you need to get out and take care of this. In reality, it’s a scam. It’s a scam. It’s a scam that affects everybody. Like I said, the tools and technology are so cheap nowadays that you don’t really need a lot of capital, if any, to get this out there and have a really large impact where you’re targeting thousands or hundreds of thousands, millions of people. Let’s talk about just real quickly some of the reasons why or the potential downsides that can happen or effects that can happen. If you get looped into one of these things. You have the financial loss by thinking that you’re paying for a service that you don’t really need or it’s a complete scam. You’re losing money. You also lose the access, which could lead to even more money down the line or simply control of your assets. If you are a small or solo law firm, one of your biggest assets that you have is going to be your website.
Potential consequences of falling for scams
[00:07:34.920] – Patrick Carver
It’s how people find you, it’s how they contact you. If you’ve been putting money into marketing like with what we do with search engine optimization, for example, you’re building an actual asset. The more work you put in over a period of time, you are going to make that more visible where more people can find you and ultimately hire you and find you for a variety of different keyword phrases that interact with or integrate with what you do in your service area. Imagine that you’ve spent years building up this visibility. You’ve added content, you’ve done link building, you’re doing all this stuff. Then out of nowhere, you are offline. That tap of people finding you when they are out there searching for a divorce attorney or estate planning attorney, whatever the case may be, that tap goes off and they then are looking at your competition who is now more than happy to take over that market share that you may no longer have access to. Let’s talk about some of the specific types of scams that are out there so you can be better protected and you don’t have to ever have the negative consequences of this.
Common Scams: Facebook, Domain Renewal, Broken Website
[00:09:04.820] – Patrick Carver
One of the first things that I will just recommend is a blanket statement because it’s going to be a common theme with all the four different types of schemes that I’m going to talk about today. But be very wary and cautious about who you interact with over email. That is, I think, increasingly the most common area where you would be subjected to some of these scams. Phones definitely happen, but I think the way things have evolved with phones and the move to text messaging for a vast majority of communications. Most people, if you’re like me, are more reluctant to pick up the phone if you don’t know someone, especially my generation, I think is very reluctant to pick up calls if they don’t know who they are. You’ve already got your guard up in the phone realm, but email is so accessible for everyone. If you have a website, if you’ve done any business online, there’s a decent chance that your email information is out there, which makes it very accessible to people out there who are just scanning the internet, looking for emails that they can send this offer to and try to get basically it’s like fishing and they’re looking for a bite.
[00:10:32.640] – Patrick Carver
When you are going through your emails on a daily basis and you see something that looks potentially alarming, and some of the ones we’ll talk about are like, they try to get your attention by saying, Hey, you owe money. Hey, your website is broken. Different things like that, be very weary. And have a healthy level of suspicion to those types of emails because if you look closer and I’ll show you here, I’ve got my screen share going at the same time. So if you’re listening in via one of the podcast channels, definitely check out our YouTube and you’ll be able to see what the visualization of these scams actually looks like. But with a little extra attention and knowing where to look within those emails, you can very easily detect whether or not it’s a scam. The first one I’ll show is what I’m calling the Facebook Meta scam. And this has been something we’ve seen very, very often, both with us as our business. I’ve been getting these and we’ve had a number of clients also send this to us and give us their concern about whether or not this was something. So what does this scam look like?
[00:12:01.460] – Patrick Carver
You’re going to get an email that’s going to say something like, important notice and your business account has been restricted due to violation of terms of service or violation of property or different things like that. Obviously, that looks bad. You instantly, the antenna goes up. You’re a little worried. To be honest, I don’t know how the scam actually works beyond this point. But in the scam, in the email, it says the sender is a meta policy. At the bottom, it has Facebook’s information, like their address, and it’s signed off by the Facebook support team. Then it has this button at the bottom that says request review. The implication is that if you click that, you can get in contact with their support team and they’re going to help you get past this restriction due to the violation. But in reality, what they’re wanting you to do is click on that. Then I have never actually personally clicked on it just because I developed a healthy level of suspicion for these types of emails. They’re looking for that click. In the past, it’s been opening PDFs, it’s interacting with their emails and stuff like that.
[00:13:34.040] – Patrick Carver
When you get into this situation where you spot something that is a little bit fishy, looks a little bit suspicious, don’t click on anything. Don’t go into the attachment until you really feel confident that it is what you actually think it is. Most likely what’s happening is they’re wanting you to click on this button, this request review button. Then at that point, it’s either going to potentially push some malware on your computer, or they’re just trying to take you down a funnel of some sort where they’re going to take you to the next step of the scam and talk about, Hey, we’ve done a review on your account and you messed up this policy. There’s a violation. But if you pay us $100, then we can get that lifted right now, or you have to pay a penalty or something like that. That’s most likely what you are going to see if you get into something like this. But just as a blanket warning, it is so unique, or really, I would say impossible that one of these enormous commercial companies like Facebook, Amazon is a really popular scam source as well. People are acting on behalf of Amazon because everybody gets Amazon packages 24/7.
[00:15:11.790] – Patrick Carver
It’s basically impossible for them to have this type of punitive action where they would be requesting some financial compensation or something like that. It’s just super, super, if not impossible, very, very unorthodox. It’s certainly something I’ve never seen in all of my interactions with Google, Amazon, Facebook, and all of these companies. That is just not something that you are likely ever to see. There’s another really common scam that we see with Amazon and stuff. It’s like, Oh, hey, we accidentally put $1,000 into your bank account and we need you to send it back. Stuff like that is just never going to happen. If it feels like it’s a little too fishy to be true, then it probably is. My best advice on something like this on how to avoid it is really to scrutinize who is sending the email to you or where that information is coming from. And if you’re looking at the screen right now, then you’ll see I’ve zoomed in on the From section of this email. And the thing it’s important to know is where it says MetaPolicy as the From name, that can be doctored. You can put anything you want.
[00:16:38.910] – Patrick Carver
You could put that you are Barack Obama, and it’s coming from Barack Obama. That’s the first thing that you would see. And they’re obviously trying to show some of that credential that, hey, we’re a legit sender. But where it will really start to fall apart is when you click on the from sending email address. And that is going to be right next to the front name. You can click and it’s got all this information in the header. It’s called the email header, so it’s at the top. The telltale sign here is that if someone is sending you an email on behalf of one of these large multinational companies and they’re sending it from a Gmail address, or in this case, it says it’s got this really long, crazy looking string of numbers and letters, and it’s from salesforce. Com. This doesn’t make any sense to someone who has a salesforce. Com address would be sent on behalf of Facebook Meta, which is their new name. When there is misalignment or it does not match there. That is the number one thing to look out for and how to avoid these things in the future because the type of the scam or the specific task is going to change over time.
[00:18:14.340] – Patrick Carver
They’re looking out for any opportunity where they can come in, take advantage of something. Maybe you’ve seen in the news you saw a big class action lawsuit against Facebook or something like that. They’re going to play into all of that. You just need to take a breath, look at the header information, and it’ll give you a better idea of whether or not this is something that’s actually legitimate. Then, of course, at that point, take a screenshot of it and send it to your resident young nephew who has a lot of experience working with digital technology. Somebody like that would usually be able to help you sniff this out and avoid making a big mistake. Let’s talk about another example of a scam. This is one that has been around and it’s, I guess we could call it an analog scam compared to what we’re seeing now and the majority of scams that I see, which are specifically digital driven in the email space. This scam is the domain renewal scam. What does it look like? Potentially, if you own a website, you have received a letter and inside the letter it says annual website domain listing.
You owe $289 to renew your website and it’s an annual domain business listing on domain networks.com. Now, this looks official. It’s got a logo, it’s got your website name in it. And in this case, it even has the Registrar information for our website. So what that means is you have your domain name out there, you have purchased it or rented it, really, from a Registrar service. Most popular, well known one is GoDaddy, where you go and pay $14 a year. And that gives you the right to use that domain name. And it’s even got the hosting location URL for our website as well. So we use Cloudflare as a security protocol. And so it’s got all this very official looking information. And it looks like this might be on behalf of GoDaddy or something like that, but this is a scam. So be very, very wary about this. And the best thing you can do is actually just read through the document. Because if you look in the document itself, it gives you this wishy washy talking in circles paragraph. It says stuff like, We are not a domain registrar and we do not register or renew domain names.
[00:21:24.860] – Patrick Carver
This listing period is for 12 consecutive months and must be renewed annually if you wish to maintain your domain listing and keep it active on our online website directory. That’s really what their service that they’re providing. Under that, it says, This is not a bill. This is a solicitation. You are under no obligation to pay this amount stated above unless you accept this offer. This is obviously a very clever, intentionally opaque way of trying to prey on individuals who see something like this and say, Oh, my gosh, I got to renew my website because it’s such an infrequent type of activity for most people that you don’t really remember when you signed up for the domain access or your friend did it or your cousin or whatever. You see this and think, Oh, man, I don’t want to lose my domain. That would be terrible. I’m just going to go ahead and pay this. It has to get people, obviously, because this goes out all the time. I’ve actually looked into this, but it goes into a Peel box in Hendersonville, North Carolina, and I’m no cyber sleuth. That’s been the extent of my research on this.
[00:22:51.420] – Patrick Carver
But this is one that we see over and over again. We see it every year. Sometimes the same clients send this in over and over because they forget. You guys have a million things going on as a lawyer. To see this, it’s like, Oh, man, did I sign up for this? I can’t remember. I better go ahead and pay this out. Again, very simple. You’re just paying them a fee. They take it. You never see your money again, and it’s probably impossible to get a refund from it. How to avoid it? Be on the lookout for this. You can see the letter. I’ll have a copy of the letter in the video if you’re listening to this. It’s going to say it’s from domain networks. Com and annual website domain listing. Be on the lookout for this. It’s like a blue logo. You’ll get a letter and it’ll say expiration coming soon or something like that. So just be very careful with it, obviously. Don’t do it and keep your money. Okay, so let’s move on to the third type of common scams out there. This is back in the digital space. This is what I would call the website is a broken scam.
[00:24:18.210] – Patrick Carver
This is maybe not as much of a scam as some of these others where it’s just they really have no shame about trying to trick you and take your money. This one has a hint of actual service or value in it, but in reality, it’s more than not, I would consider it deceptively and really overkill for what most people need. And so to be specific, what does this look like? You may get an email that says something to the effect of your website is broken or emergency. This is not working on your website or something like that. And then it may go into detail what that specific item is that is not working. But the whole idea is to obviously get you worked up and cut through all of the other emails that you’re getting so that you’re worried about whether or not your website is at risk and it’s able to be out there and be found by potential customers. And so the example that I’ve highlighted here that you can see, it talks specifically about our website, right? And so it even is utilizing this smart website detection technology. And at the top, you’ll see the subject line is, Patrick, your Divvy website is not working right away.
[00:26:04.360] – Patrick Carver
So that’s another big hint for these types of scams. If the language does not look that great and it feels a little funny, you’re not dreaming, right? That telltale sign number one is when the language is a little bit funky, the capitalization is weird. If you look at the text of this email, you’ll see that all of those common offenders are all present here in this email. They go from talking about how the website is not working and then it’s like, Oh, hey, you missed our call. Yada yada. You’re still open to seeing how other websites are compared to yours and how we can help you. They’re obviously banking on you not really reading through this and thinking that your website is messed up and they’ve got a solution. This one’s a little bit more funky than some of the other ones where the language in the email is going to be very pushy. It’s going to try to scare you. It’s going to try and get you to get your alert up so that you get on a call and talk with these folks. The way it works, they’re looking to generally build you a new website or do something that is going to extract money from you in order to fix this supposed problem on your website.
[00:27:44.510] – Patrick Carver
In my experience, we’ve built hundreds and hundreds and hundreds of websites, and there’s always something that could be wrong with a website. It’s going it’s like going to the doctor. Even the healthiest people in the world probably have some minor deficiency. Their iron levels low or their cholesterol is high or something like that. Where the overall health of the website and your overall health is not really in question. It’s just there’s so many data points. There’s so many parts of a website that can fundamentally, quote unquote, go wrong or are not correct where you can effectively say like, Hey, yeah, there is something wrong with your website. But what they don’t tell you with these emails is like, How big of… What’s the scope of that? How important is this? They’re really banking on the fact that you don’t have any level of comprehension about technology behind the website. They’re banking on you not fully understanding it, overreacting, and then taking action with it. The vast majority of these type of complaints or messages are going to be for things that are not really make or break for your website. There’s only a few things that are going to really be an enormous challenge for your website.
[00:29:31.820] – Patrick Carver
Now, we offer SEO services, we build websites. And yes, there is a big difference between a well optimized website that takes advantage of the latest guidelines from Google, the best in class technology and technology practices. But there’s also websites out there that got added in 1995 and have not been touched since, and they still work perfectly fine. Are they utilizing the latest technology? No. Are there protocols that they should be taking advantage of? Yes. However, does the website still work? Is it still up? The answer is yes. You have to use your better judgment with whether or not this is something that is having a really fundamental impact on your business because your website can’t be found. The one thing that is really concerning is if your website is physically down, if people cannot access it, that’s going to be a big problem. Something similar to that is whether or not you have SSL encryption on your website. That is when you go to a website, it will show https. If you use Chrome, if you’re looking at a browser, it’ll be in the upper left hand corner right where the website URL and have a little lock on it.
[00:30:58.610] – Patrick Carver
This is another important thing… This is a protocol established by companies like Google to help protect websites so that people who are visiting websites that found them from their search engine are not opening themselves up to piracy, so they’re having their information hacked and causing security issues. If you don’t have that, especially in Google Chrome, they may not actually… They’ll put up a warning for users coming to your website that says, Hey, this is a potentially unsafe website. Those are two. There’s definitely other examples out there, but those are really two of the most important ones. But either way, you probably don’t really want to deal with somebody who’s finding you that way and just mass soliciting thousands and thousands of people. So if you do identify yourself as having one of those problems where you’re missing out on access or different things like that, then you want to just be careful and talk with somebody who maybe can help you out with that, that you would normally trust on your tech issues. The final one we are going to talk about today is less scary than the first two. But it’s still problematic and I want to just talk through it because it comes up quite often.
[00:32:31.410] – Patrick Carver
This is what I would call the Keyword Rich Domain Scheme. It’s not really a scam per se because you’re paying for a service or a domain. But I think the value or the things that people say to try and sell this are often incorrect. The scenario here, as far as what it looks like, you might get an email that says, Hey, we’ve got this domain name for sale. It’s maybe very similar to your domain, or it has the practice area and city that you practice in the name and we’d love to sell it to you. What’s happening here is people out there are going to purchase a domain. They’re called domain brokers. It’s very similar to buying and selling houses where people are buying them, maybe like foreclosure. They’re buying them on the internet, and then they’re just trying to sell them between parties. It’s just an arbitrage situation where they buy them for 100 and then resell them for 200, 300, whatever that number is. Their position on this stuff is that by buying one of these keyword rich domains, you are going to get some level of marketing value from it.
[00:33:54.800] – Patrick Carver
Now, there is something to be said for domains that clearly talk about what you do as a service. I’m not denying that having a domain in this case, we’ve got an example from Georgia immigration attorney. So no doubt there’s some level of value for that. It tells people exactly what you do. And so there’s really no confusion about what you do. And it’s catchy and it’s easy to remember stuff like that. But what people often say to sell this is that you should just get this and redirect this to your current website, and you’re going to get all these leads. It’s going to help you with your SEO. And so people have this idea that by buying just a domain name, there’s no real website behind it. It’s just this domain that by doing that, you are getting this big value. It’s really not the case. A domain is really only as good as the website. If in this scenario, someone was retiring and they had the domain georgiaimmigrationattorney.com, and they’d had a website up for 10 years, they’ve been writing content, building links, all that stuff, that’s an actual asset. But these folks who are doing the domain brokering, they have no interest in that.
[00:35:20.450] – Patrick Carver
They haven’t built a website, they haven’t added any value to it. They are just commodities traders. They are just moving this around and trying to capture the spread between what they bought it for and what they sold it for. If you look at this specific example, it’s going to say, You can redirect this domain to your primary website to capture leads of people looking for immigration attorneys in Georgia. The reality is that’s never going to happen. Now, the only way I would suggest that this makes sense is if your business is called Georgia Immigration Attorney, and it matches what you’re actually going to build your website about and it matches your brand name, then okay, this makes a little bit more sense. But this idea that paying $500 or $1,000 for this domain, you hit the redirect button, you’re magically going to get this rush of new clients is just completely preposterous. So be very, very wary about this because I know plenty of attorneys who are serial domain purchasers. They buy these domains and they’re sitting in GoDaddy with this idea that, Well, I could do something with it. That I could redirect these and I’m going to get some SEO value.
[00:36:43.850] – Patrick Carver
I don’t know who started this whole idea, but it seems to be very common among attorneys. They talk about it and it makes, on surface value, it makes sense if you don’t know a ton about SEO. But in the end, it does not really provide any value unless there is that underlying asset of a website behind it, and then there is some value. That’s pretty much it in a nutshell for today. Big takeaways, I would say, just be very, very cautious about the emails that you’re getting, the people who are trying to interact with your business. And if it looks super alarming and not too good to be true, too bad to be true, it probably is. And so spend that extra minute or two to add some extra scrutiny to these types of inquiries, whether it’s in the digital space or in a regular letter, before you give up financial information, either lose money or potentially create a security issue for you and your firm because ultimately, a couple hundred bucks, you’re going to make it out of that. That’s not the biggest thing. But if you lose your access to your website, it gets hacked, your email gets hacked.
[00:38:02.000] – Patrick Carver
Not only can it open you up to more financial problems down the road, but it’s just an enormous nuisance if you do lose access to that type of stuff and you’ll really regret it down the road. Hope this has been helpful. If you have any questions, as always, please feel free to email me, [email protected] Thank you so much for giving this a listen and hope you have a great day.