[WSBAPT] AI...is that YOU?

Dave Culbertson dculbertson at culbertsonlawoffice.com
Tue Aug 5 10:57:35 PDT 2025 

Hi, Listmates.
Apologies for my 2nd long-winded yammering e-mail today. But I had an interesting phishing attack last week that I thought I should spread the word about because it was extremely elaborate and feigned authenticity very well. It makes me wonder if it was my first AI-generated scam experience. If so, I'm scared for me in the future.
Here's what happened:

1.     I got an e-mail from an attorney that I knew from the list-serv. The subject line was their firm name. Maybe that odd subject line should have been a flag, but since I'd posted a question jsut before, an incoming e-mail didn't seem surprising. I didn't consider the oddness till hindsight-time.

2.     On opening the e-mail, it presented itself as one of the increasingly common "document transfer" systems: "New secure message from [Name of the attorney sending the e-mail]." It was from an outfit named "Zivver". Had a button for "open message".

3.     I decided to check Zivver out first. Found a website: https://www.zivver.com/. It looks legit, though somewhat cluttered. So, I clicked on the open message button. Here is where it got uncannily elaborate. The button opened some kind of a module (or was it a webpage?) that had a two-step process. It said something about "enter a code" or maybe it was "click here for security code". Had some friendly graphics, like a cartoon figure of some kind. Whatever it was, when I clicked for the next step, another module popped up that said something like "see your e-mail for code". The little cartoon figure changed in some way that seemed polished and professionally done-I think it actually did some kind of animated walk.

*       (Why does my description sound so vague, like I'm trying to recount a dream? Because I only did it the one time and wasn't paying close attention. Everything was seeming legit: no tell-tale misspellings or Nigerian names. And I'm not gonna click on the button again to give a more precise description. So the exact details are now a little fuzzy. The residual fear remains pretty clear, though.)

4.     Right away there was an e-mail in my inbox from "Zivver.com". Looked kind of like the first e-mail, with an "open message" button, but also had a code to "cut and paste". I think maybe the module or webpage from earlier had a place to enter the code, and I think that was what I did (as opposed to clicking on the new e-mail's button).

5.     This all seemed unnecessarily elaborate up to this point, and a little tedious. That only made it seem in the vein of a "secure documents system". But the first unmistakably skeezy stuff started to happen once I clicked or entered the code or whatever it was I did:

*       A webpage from Target.com opened up in my browser.

*       At the same time, my Malwarebytes software popped up a module: "Unsafe page has been blocked".

*       And a moment or two later, the MS Office 365 sign-in module popped up as well asking me to sign in.

*       My immediate sophisticated thought process was something like this: NOOOOOOO....!!!.

6.     But then:

*       I did not re-log into MS Office.

*       I closed all the things to do with the e-mail.

*       I re-set my MS Office log-in by going directly to their site.

*       I declined the Malwarebytes option of proceeding to the unsafe page.

7.     Here is the aftermath:

*       I think I was protected by Malwarebytes before the attack got something. I didn't take the next step of entering any log-in, or going to the unsafe site. Hoping that was sufficient.

*       I reached out to the attorney, who confirmed they'd had some kind of hack happen to them.

*       I told the WSBA tech team, who was responsive and helpful and tried to get some answer from "Zivver.com", but didn't hear anything back from them. Also, the dodgy e-mail I forwarded to the WSBA team was blocked by their filter. So that seems as far as they can go.

And now I'm telling the brethren. And the sistren. This one was unusually deceptive: the graphics were slick; it had a multi-step process that lulled me with the familiar; the grammar, spelling and presentation mirrored normality and professionalism.

  *   It has the peculiar effect of making quote marks seem appropriate on every detail. Should I say Zivver.com.or "Zivver.com"? Was it Target.com, or "Target.com"? Did I receive a code, or a "code"?
  *   There does seem to be a Zivver.com-at least, Google pops up tech reviews, and their site seems substantial. So maybe the scam was piggybacking on them...or maybe the page that popped up was AI generated to mimic them.
  *   If this is the level of authenticity at an early phase of AI, it's gonna get impossible. My prediction: as a society we are going to have to go back to old ways of doing things that were slower but hard to fake. Like more face-to-face time, in 3-D. That will become the only truly reliable scenario. Might end up making us a little less alienated, though, out of necessity.


Best Regards,


Dave Culbertson

The Law Office of Davisson Culbertson
PO 20403
Seattle, WA 98102

Phone: (206) 478-8134
FAX: (866) 867-7796

dculbertson at culbertsonlawoffice.com<mailto:dculbertson at culbertsonlawoffice.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/wsbapt/attachments/20250805/1889e0b4/attachment.html>

More information about the WSBAPT mailing list