Phishing for Court Reporting Associations

In recent years, associations for court reporters have been victims of attempted phishing. I’ve personally read accounts of phishing attempts conducted against New York, Florida, Texas, and Kentucky.

Phishing is a social engineering attack. The usual purpose of a phishing attack is to steal money or information. Some phishing uses very sophisticated measures, like fake websites or phone calls. In court reporting, scammers so far use very low-level techniques to try to trick court reporters. For example, a scammer can pull the name and title of a respectable person from one of our websites, like Jenna Parsons, President of the Kentucky Court Reporters Association.

Then scammers can use reporter directories to get court reporter emails, such as PRO Link, Kentucky’s Find A Reporter, or even New York’s Find A Reporter. Once the scammer has these pieces of information, name, title, and a potential audience, they cast a kind of “virtual net” and try to get something out of the audience, often gift cards, since gift cards are an easy method of stealing money.

There are a few things we can do to thwart scammers.

1. Education. Associations have been doing a great job of educating members whenever phishing attempts are made. For example, KYCRA raised the alarm today on fraudulent emails. FCRA made members aware of phishing just yesterday. These kinds of notices keep members safe. Talking to each other about phishing goes a long way to stopping phishing. Social engineering means it relies on the victim falling for it. Don’t be a victim — if someone in your association is asking for money or gifts, chances are high it’s not a legitimate request. Ask management.

2. Creative website alterations. Scammers often take the easiest road, and sometimes that means using computer programs to scrape info off sites and send emails automatically. In 2020, NYSCRA board members were receiving constant fake emails from someone impersonating then-President Joshua Edwards, asking for gift cards. These emails seemed to be going mostly to board members. We quickly figured out that the scammers were likely using a website crawler to grab the president’s name off of the contact page, and then email the board members, whose emails are listed. This spam was reduced by altering the emails to have an “at” instead of an “@.” To this day, NYSCRA uses the “at.” Since most computer programs scraping email addresses will be searching for an “@,” it becomes harder for a computer program to automatically lift the information and send emails by using the “at.” Another potential solution for us is to lay out board member information in image form instead of text, since most scammers will be using programs seeking the word “president” and not an image of the word president. The largest drawback to using images is that it takes up more space, can make websites slower, and is time consuming, so I don’t expect this to be adopted by most associations. But the “@ to at” fix can be worthwhile and simple.

3. Don’t panic. The largest threat we face from phishing is our collective reaction to it. Ultimately we need associations to have a web presence and be accessible. Some of us have a “circle the wagons” mentality to technology. Scammers targeting the website? Delete the website. This is a type of panic response we have to avoid. By continuing to educate each other, we can widen the shield and ensure none of us are taken advantage of.

Any other states or reporters that have been the victim of attempted phishing lately? Feel free to drop your tips for avoiding scams below.

*Addendum:

Cassandra Caldarella from CoverCrow, Inc. passed me an example of a scam email she received in California. As you can see it lifts and fraudulently uses Tamara Houston’s name and information, but it is not a genuine request from CCRA. If you get a similar email from an association you love, it’s probably fake!