[WSBARP] AI...is that YOU?

Lynn Clare lynnclare at clarelawfirm.com
Tue Aug 5 13:31:08 PDT 2025 

I received a scam email from a potential client who contacted me several
months ago --- very convincing until she begged me to buy a gift card "to
give to a friend who has cancer" and promised she would pay me back.

This is in addition to the emails I get weekly from poor overseas ladies
whose "wealthy husband lives in my state" and owes her a couple hundred
thousand on a foreign judgment WRITTEN IN ENGLISH and won't I please help
her children get the money their father owes them? Oh also, he abused her.

The filters do not catch all of them.

Lynn Clare
Clare Law Firm

On Tue, Aug 5, 2025 at 12:37 PM Mike Zeno <mikez at zenolawfirm.com> wrote:

> I also received a scam email, purporting to be from an attorney, from
> “Zivver.”  Note:  the attorney was not on the list serve.
>
>
>
> *The Law Office of G. Michael Zeno, Jr., P.S.*
>
> T:  (425) 947-8050   F:  (425) 947-8052
>
> 135 Lake Street S., Suite 257
>
> Kirkland, WA 98033
>
>
>
> *Confidential/Privileged Communication:* This email and any attachments
> are confidential, privileged and intended only for the intended
> recipient(s).  Unauthorized disclosure, copying, distribution or use of
> this email is prohibited.  If you received this email in error, please
> notify me immediately so we can arrange for the message and documents to be
> returned and deleted. Thank you.
>
> *IRS Circular 230 Disclaimer:* Any tax advice provided in this
> communication (including attachments) is not intended or written to be
> used, and it cannot be used, by the recipient or any other taxpayer (i) for
> the purpose of avoiding penalties that may be imposed on the recipient or
> any other taxpayer, or (ii) in promoting, marketing or recommending to
> another party a partnership or other entity, investment plan, arrangement
> or other transaction.  You should seek advice based on your particular
> circumstances from an independent tax advisor.
>
>
>
> *From:* wsbarp-bounces at lists.wsbarppt.com <
> wsbarp-bounces at lists.wsbarppt.com> *On Behalf Of *Mark Anderson
> *Sent:* Tuesday, August 5, 2025 12:04 PM
> *To:* WSBA Probate & Trust Listserv <wsbapt at lists.wsbarppt.com>;
> solo-and-small-practice-section at list.wsba.org; wsbarp at lists.wsbarppt.com
> *Subject:* Re: [WSBARP] AI...is that YOU?
>
>
>
> Dear Dave:
>
> Thanks for the heads-up and for the details of your experience.  Your
> recollection was sufficient to put us all on notice.
>
>
> *Mark B. Anderson *ANDERSON LAW FIRM PLLC
> 821 Dock Street, Suite 209, PMB 4-12
> Tacoma, Washington 98402
> +1 253-327-1750
> +1 253-327-1751 (fax)
> marka at mbaesq.com
> www.mbaesq.com
>
>
> *CONFIDENTIALITY NOTICE *This transmission is confidential and is
> intended solely for the use of the individual named recipient. It may be
> protected by the attorney-client privilege, work product doctrine, or other
> confidentiality protection. If you are not the intended recipient, or the
> person responsible to deliver it to the intended recipient, be advised that
> any dissemination, distribution, or copying of this communication is
> prohibited. If you have received this transmission in error, please
> immediately notify the sender via e-mail or by telephone at (253) 327-1750
> that you have received the message in error, and then delete it. Thank you.
>
>
>
> *From:* wsbapt-bounces at lists.wsbarppt.com <
> wsbapt-bounces at lists.wsbarppt.com> *On Behalf Of *Dave Culbertson
> *Sent:* Tuesday, August 5, 2025 10:58 AM
> *To:* solo-and-small-practice-section at list.wsba.org;
> creditor-debtor-section at list.wsba.org; wsbapt at lists.wsbarppt.com;
> wsbarp at lists.wsbarppt.com
> *Subject:* [WSBAPT] AI...is that YOU?
>
>
>
> Hi, Listmates.
>
> Apologies for my 2nd long-winded yammering e-mail today. But I had an
> interesting phishing attack last week that I thought I should spread the
> word about because it was extremely elaborate and feigned authenticity very
> well. It makes me wonder if it was my first AI-generated scam experience.
> If so, I’m scared for me in the future.
>
> Here’s what happened:
>
> 1.      I got an e-mail from an attorney that I knew from the list-serv.
> The subject line was their firm name. Maybe that odd subject line should
> have been a flag, but since I’d posted a question jsut before, an incoming
> e-mail didn’t seem surprising. I didn’t consider the oddness till
> hindsight-time.
>
> 2.      On opening the e-mail, it presented itself as one of the
> increasingly common “document transfer” systems: “New secure message from
> [Name of the attorney sending the e-mail].” It was from an outfit named
> “Zivver”. Had a button for “open message”.
>
> 3.      I decided to check Zivver out first. Found a website:
> https://www.zivver.com/. It looks legit, though somewhat cluttered. So, I
> clicked on the open message button. Here is where it got uncannily
> elaborate. The button opened some kind of a module (or was it a webpage?)
> that had a two-step process. It said something about “enter a code” or
> maybe it was “click here for security code”. Had some friendly graphics,
> like a cartoon figure of some kind. Whatever it was, when I clicked for the
> next step, another module popped up that said something like “see your
> e-mail for code”. The little cartoon figure changed in some way that seemed
> polished and professionally done—I think it actually did some kind of
> animated walk.
>
> ·         (Why does my description sound so vague, like I’m trying to
> recount a dream? Because I only did it the one time and wasn’t paying close
> attention. Everything was seeming legit: no tell-tale misspellings or
> Nigerian names. And I’m not gonna click on the button again to give a more
> precise description. So the exact details are now a little fuzzy. The
> residual fear remains pretty clear, though.)
>
> 4.      Right away there was an e-mail in my inbox from “Zivver.com”.
> Looked kind of like the first e-mail, with an “open message” button, but
> also had a code to “cut and paste”. I think maybe the module or webpage
> from earlier had a place to enter the code, and I think that was what I did
> (as opposed to clicking on the new e-mail’s button).
>
> 5.      This all seemed unnecessarily elaborate up to this point, and a
> little tedious. That only made it seem in the vein of a “secure documents
> system”. But the first unmistakably skeezy stuff started to happen once I
> clicked or entered the code or whatever it was I did:
>
> ·         A webpage from Target.com opened up in my browser.
>
> ·         At the same time, my Malwarebytes software popped up a module:
> “Unsafe page has been blocked”.
>
> ·         And a moment or two later, the MS Office 365 sign-in module
> popped up as well asking me to sign in.
>
> ·         My immediate sophisticated thought process was something like
> this: NOOOOOOO....!!!.
>
> 6.      But then:
>
> ·         I did not re-log into MS Office.
>
> ·         I closed all the things to do with the e-mail.
>
> ·         I re-set my MS Office log-in by going directly to their site.
>
> ·         I declined the Malwarebytes option of proceeding to the unsafe
> page.
>
> 7.      Here is the aftermath:
>
> ·         I think I was protected by Malwarebytes before the attack got
> something. I didn’t take the next step of entering any log-in, or going to
> the unsafe site. Hoping that was sufficient.
>
> ·         I reached out to the attorney, who confirmed they’d had some
> kind of hack happen to them.
>
> ·         I told the WSBA tech team, who was responsive and helpful and
> tried to get some answer from “Zivver.com”, but didn’t hear anything back
> from them. Also, the dodgy e-mail I forwarded to the WSBA team was blocked
> by their filter. So that seems as far as they can go.
>
>
>
> And now I’m telling the brethren. And the sistren. This one was unusually
> deceptive: the graphics were slick; it had a multi-step process that lulled
> me with the familiar; the grammar, spelling and presentation mirrored
> normality and professionalism.
>
>    - It has the peculiar effect of making quote marks seem appropriate on
>    every detail. Should I say Zivver.com.or “Zivver.com”? Was it Target.com,
>    or “Target.com”? Did I receive a code, or a “code”?
>    - There does seem to be a Zivver.com—at least, Google pops up tech
>    reviews, and their site seems substantial. So maybe the scam was
>    piggybacking on them...or maybe the page that popped up was AI generated to
>    mimic them.
>    - If this is the level of authenticity at an early phase of AI, it’s
>    gonna get impossible. My prediction: as a society we are going to have to
>    go back to old ways of doing things that were slower but hard to fake. Like
>    more face-to-face time, in 3-D. That will become the only truly reliable
>    scenario. Might end up making us a little less alienated, though, out of
>    necessity.
>
>
>
>
>
> Best Regards,
>
>
>
>
>
> Dave Culbertson
>
>
>
> *The Law Office of Davisson Culbertson*
>
> PO 20403
>
> Seattle, WA 98102
>
>
>
> *Phone: *(206) 478-8134
>
> *FAX: *(866) 867-7796
>
>
>
> *dculbertson at culbertsonlawoffice.com*
> <dculbertson at culbertsonlawoffice.com>
>
>
>
>
> ***Disclaimer: Please note that RPPT listserv participation is not
> restricted to practicing attorneys and may include non-practicing
> attorneys, law students, professionals working in related fields, and
> others.***
>
> _______________________________________________
> WSBARP mailing list
> WSBARP at lists.wsbarppt.com
> http://mailman.fsr.com/mailman/listinfo/wsbarp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.fsr.com/pipermail/wsbarp/attachments/20250805/c229bb67/attachment.html>

More information about the WSBARP mailing list