[WSBAPT] [WSBARP] AI...is that YOU?

Tue Aug 5 12:39:59 PDT 2025

Same EIN.  Same Probate entity.

To notify the IRS of a change in the personal representative for a probate
estate, you need to file *Form 56, Notice Concerning Fiduciary Relationship*
.

*Mark C. McClure* *| *
*Managing Attorney *Law Office of Mark McClure, PS

*"Why Retire With Debt?"*1103 West Meeker Street, #101
Kent, WA 98032

Office:  253.631.6484 (Leave Msg - Will be returned within 24 hours)
Email: Mark at McClureLawGroup.com
Web: www.McClureLawGroup.com <http://www.mcclurelawgroup.com/>

*Notice of Unavailability:*

*August 13, 2025 – August 24, 2025*

*August 28, 2025 – September 01, 2025*

*November 27, 2025 – November 30, 2025*

***NOTE** All visits must be scheduled in advance for access to the
building.  Call *253-631-6484 * to schedule.*

*CONFIDENTIALITY NOTICE:* This email contains legal stuff. If you are not
the intended recipient you could get into a lot of trouble if you read it,
and even more trouble if you tell someone else about it. So, the best thing
to do is ignore it and forget you ever saw it. Thank you.

*From:* wsbarp-bounces at lists.wsbarppt.com <wsbarp-bounces at lists.wsbarppt.com>
*On Behalf Of *Mike Zeno
*Sent:* Tuesday, August 5, 2025 12:38 PM
*To:* WSBA Real Property Listserv <wsbarp at lists.wsbarppt.com>; WSBA Probate
& Trust Listserv <wsbapt at lists.wsbarppt.com>;
solo-and-small-practice-section at list.wsba.org
*Subject:* Re: [WSBARP] AI...is that YOU?

I also received a scam email, purporting to be from an attorney, from
“Zivver.”  Note:  the attorney was not on the list serve.

*The Law Office of G. Michael Zeno, Jr., P.S.*

T:  (425) 947-8050   F:  (425) 947-8052

135 Lake Street S., Suite 257

Kirkland, WA 98033

*Confidential/Privileged Communication:* This email and any attachments are
confidential, privileged and intended only for the intended recipient(s).
Unauthorized disclosure, copying, distribution or use of this email is
prohibited.  If you received this email in error, please notify me
immediately so we can arrange for the message and documents to be returned
and deleted. Thank you.

*IRS Circular 230 Disclaimer:* Any tax advice provided in this
communication (including attachments) is not intended or written to be
used, and it cannot be used, by the recipient or any other taxpayer (i) for
the purpose of avoiding penalties that may be imposed on the recipient or
any other taxpayer, or (ii) in promoting, marketing or recommending to
another party a partnership or other entity, investment plan, arrangement
or other transaction.  You should seek advice based on your particular
circumstances from an independent tax advisor.

*From:* wsbarp-bounces at lists.wsbarppt.com <wsbarp-bounces at lists.wsbarppt.com>
*On Behalf Of *Mark Anderson
*Sent:* Tuesday, August 5, 2025 12:04 PM
*To:* WSBA Probate & Trust Listserv <wsbapt at lists.wsbarppt.com>;
solo-and-small-practice-section at list.wsba.org; wsbarp at lists.wsbarppt.com
*Subject:* Re: [WSBARP] AI...is that YOU?

Dear Dave:

Thanks for the heads-up and for the details of your experience.  Your
recollection was sufficient to put us all on notice.

*Mark B. Anderson*ANDERSON LAW FIRM PLLC
821 Dock Street, Suite 209, PMB 4-12
Tacoma, Washington 98402
+1 253-327-1750
+1 253-327-1751 (fax)
marka at mbaesq.com
www.mbaesq.com

*CONFIDENTIALITY NOTICE*This transmission is confidential and is intended
solely for the use of the individual named recipient. It may be protected
by the attorney-client privilege, work product doctrine, or other
confidentiality protection. If you are not the intended recipient, or the
person responsible to deliver it to the intended recipient, be advised that
any dissemination, distribution, or copying of this communication is
prohibited. If you have received this transmission in error, please
immediately notify the sender via e-mail or by telephone at (253) 327-1750
that you have received the message in error, and then delete it. Thank you.

*From:* wsbapt-bounces at lists.wsbarppt.com <wsbapt-bounces at lists.wsbarppt.com>
*On Behalf Of *Dave Culbertson
*Sent:* Tuesday, August 5, 2025 10:58 AM
*To:* solo-and-small-practice-section at list.wsba.org;
creditor-debtor-section at list.wsba.org; wsbapt at lists.wsbarppt.com;
wsbarp at lists.wsbarppt.com
*Subject:* [WSBAPT] AI...is that YOU?

Hi, Listmates.

Apologies for my 2nd long-winded yammering e-mail today. But I had an
interesting phishing attack last week that I thought I should spread the
word about because it was extremely elaborate and feigned authenticity very
well. It makes me wonder if it was my first AI-generated scam experience.
If so, I’m scared for me in the future.

Here’s what happened:

1.      I got an e-mail from an attorney that I knew from the list-serv.
The subject line was their firm name. Maybe that odd subject line should
have been a flag, but since I’d posted a question jsut before, an incoming
e-mail didn’t seem surprising. I didn’t consider the oddness till
hindsight-time.

2.      On opening the e-mail, it presented itself as one of the
increasingly common “document transfer” systems: “New secure message from
[Name of the attorney sending the e-mail].” It was from an outfit named
“Zivver”. Had a button for “open message”.

3.      I decided to check Zivver out first. Found a website:
https://www.zivver.com/. It looks legit, though somewhat cluttered. So, I
clicked on the open message button. Here is where it got uncannily
elaborate. The button opened some kind of a module (or was it a webpage?)
that had a two-step process. It said something about “enter a code” or
maybe it was “click here for security code”. Had some friendly graphics,
like a cartoon figure of some kind. Whatever it was, when I clicked for the
next step, another module popped up that said something like “see your
e-mail for code”. The little cartoon figure changed in some way that seemed
polished and professionally done—I think it actually did some kind of
animated walk.

·         (Why does my description sound so vague, like I’m trying to
recount a dream? Because I only did it the one time and wasn’t paying close
attention. Everything was seeming legit: no tell-tale misspellings or
Nigerian names. And I’m not gonna click on the button again to give a more
precise description. So the exact details are now a little fuzzy. The
residual fear remains pretty clear, though.)

4.      Right away there was an e-mail in my inbox from “Zivver.com”.
Looked kind of like the first e-mail, with an “open message” button, but
also had a code to “cut and paste”. I think maybe the module or webpage
from earlier had a place to enter the code, and I think that was what I did
(as opposed to clicking on the new e-mail’s button).

5.      This all seemed unnecessarily elaborate up to this point, and a
little tedious. That only made it seem in the vein of a “secure documents
system”. But the first unmistakably skeezy stuff started to happen once I
clicked or entered the code or whatever it was I did:

·         A webpage from Target.com opened up in my browser.

·         At the same time, my Malwarebytes software popped up a module:
“Unsafe page has been blocked”.

·         And a moment or two later, the MS Office 365 sign-in module
popped up as well asking me to sign in.

·         My immediate sophisticated thought process was something like
this: NOOOOOOO....!!!.

6.      But then:

·         I did not re-log into MS Office.

·         I closed all the things to do with the e-mail.

·         I re-set my MS Office log-in by going directly to their site.

·         I declined the Malwarebytes option of proceeding to the unsafe
page.

7.      Here is the aftermath:

·         I think I was protected by Malwarebytes before the attack got
something. I didn’t take the next step of entering any log-in, or going to
the unsafe site. Hoping that was sufficient.

·         I reached out to the attorney, who confirmed they’d had some kind
of hack happen to them.

·         I told the WSBA tech team, who was responsive and helpful and
tried to get some answer from “Zivver.com”, but didn’t hear anything back
from them. Also, the dodgy e-mail I forwarded to the WSBA team was blocked
by their filter. So that seems as far as they can go.

And now I’m telling the brethren. And the sistren. This one was unusually
deceptive: the graphics were slick; it had a multi-step process that lulled
me with the familiar; the grammar, spelling and presentation mirrored
normality and professionalism.

   - It has the peculiar effect of making quote marks seem appropriate on
   every detail. Should I say Zivver.com.or “Zivver.com”? Was it Target.com,
   or “Target.com”? Did I receive a code, or a “code”?
   - There does seem to be a Zivver.com—at least, Google pops up tech
   reviews, and their site seems substantial. So maybe the scam was
   piggybacking on them...or maybe the page that popped up was AI generated to
   mimic them.
   - If this is the level of authenticity at an early phase of AI, it’s
   gonna get impossible. My prediction: as a society we are going to have to
   go back to old ways of doing things that were slower but hard to fake. Like
   more face-to-face time, in 3-D. That will become the only truly reliable
   scenario. Might end up making us a little less alienated, though, out of
   necessity.

Best Regards,

Dave Culbertson

*The Law Office of Davisson Culbertson*

PO 20403

Seattle, WA 98102

*Phone: *(206) 478-8134

*FAX: *(866) 867-7796

*dculbertson at culbertsonlawoffice.com* <dculbertson at culbertsonlawoffice.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/wsbapt/attachments/20250805/b655ad4d/attachment.html>