[WSBAPT] AI...is that YOU?

Mark Anderson marka at mbaesq.com
Tue Aug 5 12:03:42 PDT 2025 

Dear Dave:
Thanks for the heads-up and for the details of your experience.  Your recollection was sufficient to put us all on notice.
Mark B. Anderson
ANDERSON LAW FIRM PLLC
821 Dock Street, Suite 209, PMB 4-12
Tacoma, Washington 98402
+1 253-327-1750
+1 253-327-1751 (fax)
marka at mbaesq.com<mailto:marka at mbaesq.com>
www.mbaesq.com<http://www.mbaesq.com/>
CONFIDENTIALITY NOTICE
This transmission is confidential and is intended solely for the use of the individual named recipient. It may be protected by the attorney-client privilege, work product doctrine, or other confidentiality protection. If you are not the intended recipient, or the person responsible to deliver it to the intended recipient, be advised that any dissemination, distribution, or copying of this communication is prohibited. If you have received this transmission in error, please immediately notify the sender via e-mail or by telephone at (253) 327-1750 that you have received the message in error, and then delete it. Thank you.

From: wsbapt-bounces at lists.wsbarppt.com <wsbapt-bounces at lists.wsbarppt.com> On Behalf Of Dave Culbertson
Sent: Tuesday, August 5, 2025 10:58 AM
To: solo-and-small-practice-section at list.wsba.org; creditor-debtor-section at list.wsba.org; wsbapt at lists.wsbarppt.com; wsbarp at lists.wsbarppt.com
Subject: [WSBAPT] AI...is that YOU?

Hi, Listmates.
Apologies for my 2nd long-winded yammering e-mail today. But I had an interesting phishing attack last week that I thought I should spread the word about because it was extremely elaborate and feigned authenticity very well. It makes me wonder if it was my first AI-generated scam experience. If so, I'm scared for me in the future.
Here's what happened:

1.      I got an e-mail from an attorney that I knew from the list-serv. The subject line was their firm name. Maybe that odd subject line should have been a flag, but since I'd posted a question jsut before, an incoming e-mail didn't seem surprising. I didn't consider the oddness till hindsight-time.

2.      On opening the e-mail, it presented itself as one of the increasingly common "document transfer" systems: "New secure message from [Name of the attorney sending the e-mail]." It was from an outfit named "Zivver". Had a button for "open message".

3.      I decided to check Zivver out first. Found a website: https://www.zivver.com/. It looks legit, though somewhat cluttered. So, I clicked on the open message button. Here is where it got uncannily elaborate. The button opened some kind of a module (or was it a webpage?) that had a two-step process. It said something about "enter a code" or maybe it was "click here for security code". Had some friendly graphics, like a cartoon figure of some kind. Whatever it was, when I clicked for the next step, another module popped up that said something like "see your e-mail for code". The little cartoon figure changed in some way that seemed polished and professionally done-I think it actually did some kind of animated walk.

*         (Why does my description sound so vague, like I'm trying to recount a dream? Because I only did it the one time and wasn't paying close attention. Everything was seeming legit: no tell-tale misspellings or Nigerian names. And I'm not gonna click on the button again to give a more precise description. So the exact details are now a little fuzzy. The residual fear remains pretty clear, though.)

4.      Right away there was an e-mail in my inbox from "Zivver.com". Looked kind of like the first e-mail, with an "open message" button, but also had a code to "cut and paste". I think maybe the module or webpage from earlier had a place to enter the code, and I think that was what I did (as opposed to clicking on the new e-mail's button).

5.      This all seemed unnecessarily elaborate up to this point, and a little tedious. That only made it seem in the vein of a "secure documents system". But the first unmistakably skeezy stuff started to happen once I clicked or entered the code or whatever it was I did:

*         A webpage from Target.com opened up in my browser.

*         At the same time, my Malwarebytes software popped up a module: "Unsafe page has been blocked".

*         And a moment or two later, the MS Office 365 sign-in module popped up as well asking me to sign in.

*         My immediate sophisticated thought process was something like this: NOOOOOOO....!!!.

6.      But then:

*         I did not re-log into MS Office.

*         I closed all the things to do with the e-mail.

*         I re-set my MS Office log-in by going directly to their site.

*         I declined the Malwarebytes option of proceeding to the unsafe page.

7.      Here is the aftermath:

*         I think I was protected by Malwarebytes before the attack got something. I didn't take the next step of entering any log-in, or going to the unsafe site. Hoping that was sufficient.

*         I reached out to the attorney, who confirmed they'd had some kind of hack happen to them.

*         I told the WSBA tech team, who was responsive and helpful and tried to get some answer from "Zivver.com", but didn't hear anything back from them. Also, the dodgy e-mail I forwarded to the WSBA team was blocked by their filter. So that seems as far as they can go.

And now I'm telling the brethren. And the sistren. This one was unusually deceptive: the graphics were slick; it had a multi-step process that lulled me with the familiar; the grammar, spelling and presentation mirrored normality and professionalism.

  *   It has the peculiar effect of making quote marks seem appropriate on every detail. Should I say Zivver.com.or "Zivver.com"? Was it Target.com, or "Target.com"? Did I receive a code, or a "code"?
  *   There does seem to be a Zivver.com-at least, Google pops up tech reviews, and their site seems substantial. So maybe the scam was piggybacking on them...or maybe the page that popped up was AI generated to mimic them.
  *   If this is the level of authenticity at an early phase of AI, it's gonna get impossible. My prediction: as a society we are going to have to go back to old ways of doing things that were slower but hard to fake. Like more face-to-face time, in 3-D. That will become the only truly reliable scenario. Might end up making us a little less alienated, though, out of necessity.


Best Regards,


Dave Culbertson

The Law Office of Davisson Culbertson
PO 20403
Seattle, WA 98102

Phone: (206) 478-8134
FAX: (866) 867-7796

dculbertson at culbertsonlawoffice.com<mailto:dculbertson at culbertsonlawoffice.com>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/wsbapt/attachments/20250805/4f189077/attachment.html>

More information about the WSBAPT mailing list