When the email from you actually isn’t

The latest episode of Modern Law looks at email scammers that are targeting lawyers, firms and clients, and how good cyber hygiene can help

Scam emails — we’ve all received them. Whether they’re the typo-filled kind promising unique investment opportunities or the more sophisticated messages that impersonate a legitimate company or professional, the goal is to trick you into sharing personal information.

As it happens, Modern Law: Verdicts and Voices host Alison Crawford recently received one of the latter variety from someone impersonating Vancouver lawyer Gavin Manning, a very real person with more than 25 years' experience in intellectual property law.

The emails informed Crawford that someone wanted to trademark the name of her business, but Manning could help her submit a trademark first for a hefty fee.

Sounds legit, right?

Crawford didn’t take the bait. Instead, she tracked down the real Gavin Manning and invited him to appear on the podcast.

It turns out she’s not the first person contacted by someone posing as Manning.

“A couple of months ago, a couple of clients of mine, more or less at the same time, sent me emails saying, ‘I got an email from somebody, and they say that there's a startup company which wants to register my company's name as a trademark. If I don't do that, then all kinds of bad things are going to happen,’” says Manning, who works at Oyen Wiggs.

“First of all, no legitimate Canadian trademark lawyer would receive instructions from one client to file a trademark application and then go to somebody else and say, ‘I'll register the same trademark for you instead.’ That is just totally unethical.”

Manning told his clients they could ignore the email. However, over the following weeks, more clients reached out to him, each having received the same scam email about registering a trademark. That sent Manning down a rabbit hole to find out where these emails with his name were coming from, eventually leading him to cross paths with another Vancouver lawyer whom email scammers were impersonating.

“I responded to all those emails, but it's very frustrating,” Manning says.

“A couple of other lawyers in my firm had the same thing happen to them. It seems like the scammers use somebody's name for a while, and then they switch to somebody else. So other Canadian trademark agents who haven't yet been included in this scam, possibly their time is going to come as they work through the directory.”

Brent Arnold, a partner at Gowling WLG in Toronto specializing in privacy and cybersecurity law, often hears about these types of email scams.

“Law firms are huge targets for all kinds of cyber attacks,” he says. “(But) small firms are often the ones that we see the most often as part of this because, among other things, they don't have armies of cybersecurity and endless amounts of tech on the back end.”

Arnold says firms that do intellectual property work are particularly targeted, especially if they do patent work, because they're sitting on a lot of valuable client information that is ripe for attack.

Manning put a notice on his website warning clients about the scam and responded directly to those who emailed him. Those are steps Arnold says lawyers should take if they find themselves in Manning’s position.

“That's all you can do, because this is the kind of attack where you don't even know it's happening until, as has happened here, a client reaches out to you.”

Manning eventually discovered that the domain the emails came from was registered to a restaurant in southern Ontario.

“All this hacker did was look at his website, learn a bit about his practice, and then cook up a fairly nice-looking email template. You can do this just with Microsoft's templates online, and start sending out emails from a domain,” Arnold says.

More serious scams involve a hacker accessing a lawyer’s actual email account and sending emails directly from there. Those are much harder to detect because the domain in the sender’s email address is legitimate.

“You can't sort of disprove that just by responding back, because if they've got control of the email account, they can then control the conversation without the person who [has] that account even knowing it's happening,” he says.

For anyone who thinks someone might be trying to scam them this way, it’s best to slow down and assess.

“If you get an email like this and it feels like they're trying to get you to panic and do something quickly, always take a step back, take a deep breath and say this is probably a scam,” Arnold says.

“Part of the psychology of scams is scaring people into making rash decisions, handing over their passwords, handing over their banking information, and so on. So, take the time to investigate, and don't make a rash decision just because you feel like you're being pushed to.”

Tune in to the podcast to learn more about how lawyers can have “good cyber hygiene” to prevent scams, and how to report cyber attacks to law enforcement. Also in this episode, a fascinating interview with Amy Salyzyn about the recent AI hallucination case at Ontario Superior Court, and a chat with Warren Newman about the 1998 Quebec secession reference.