A scam email was sent around to some National Court Reporters Association (NCRA) members claiming to be fundraising for “treatment” for “Mindy” and “Kevin,” a fabricated one-year-old. Many stenographers received their first alert of the scam from Margary Rogers, NCRA Membership Committee Chair, and the group NCRA Membership Matters.
One of the main giveaways that this was a scam was the domain name, NCRA.org.us. The NCRA’s domain is NCRA.org.
The National Court Reporters Association released a statement immediately, and took measures to educate members on scams.
As a general rule, scammers play off human bits like fear and sympathy. Any time someone is trying to get you to act without thinking, you can be sure a scam or propaganda will follow. The name of the game is manipulation, and our alertness and critical thinking skills are how we win the game.
Our communities and associations are seeing increased scam activity in recent months. We mustn’t allow scammers to pull at our heartstrings and take our hard-earned money. A sincere thank you to those that fight to keep members informed. We need you now more than ever.
In recent years, associations for court reporters have been victims of attempted phishing. I’ve personally read accounts of phishing attempts conducted against New York, Florida, Texas, and Kentucky.
Phishing is a social engineering attack. The usual purpose of a phishing attack is to steal money or information. Some phishing uses very sophisticated measures, like fake websites or phone calls. In court reporting, scammers so far use very low-level techniques to try to trick court reporters. For example, a scammer can pull the name and title of a respectable person from one of our websites, like Jenna Parsons, President of the Kentucky Court Reporters Association.
Then scammers can use reporter directories to get court reporter emails, such as PRO Link, Kentucky’s Find A Reporter, or even New York’s Find A Reporter. Once the scammer has these pieces of information, name, title, and a potential audience, they cast a kind of “virtual net” and try to get something out of the audience, often gift cards, since gift cards are an easy method of stealing money.
There are a few things we can do to thwart scammers.
1. Education. Associations have been doing a great job of educating members whenever phishing attempts are made. For example, KYCRA raised the alarm today on fraudulent emails. FCRA made members aware of phishing just yesterday. These kinds of notices keep members safe. Talking to each other about phishing goes a long way to stopping phishing. Social engineering means it relies on the victim falling for it. Don’t be a victim — if someone in your association is asking for money or gifts, chances are high it’s not a legitimate request. Ask management.
2. Creative website alterations. Scammers often take the easiest road, and sometimes that means using computer programs to scrape info off sites and send emails automatically. In 2020, NYSCRA board members were receiving constant fake emails from someone impersonating then-President Joshua Edwards, asking for gift cards. These emails seemed to be going mostly to board members. We quickly figured out that the scammers were likely using a website crawler to grab the president’s name off of the contact page, and then email the board members, whose emails are listed. This spam was reduced by altering the emails to have an “at” instead of an “@.” To this day, NYSCRA uses the “at.” Since most computer programs scraping email addresses will be searching for an “@,” it becomes harder for a computer program to automatically lift the information and send emails by using the “at.” Another potential solution for us is to lay out board member information in image form instead of text, since most scammers will be using programs seeking the word “president” and not an image of the word president. The largest drawback to using images is that it takes up more space, can make websites slower, and is time consuming, so I don’t expect this to be adopted by most associations. But the “@ to at” fix can be worthwhile and simple.
3. Don’t panic. The largest threat we face from phishing is our collective reaction to it. Ultimately we need associations to have a web presence and be accessible. Some of us have a “circle the wagons” mentality to technology. Scammers targeting the website? Delete the website. This is a type of panic response we have to avoid. By continuing to educate each other, we can widen the shield and ensure none of us are taken advantage of.
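To illustrate item 2, here is an added example (not from NYSCRA or the original post) that audits a contact page for addresses an “@”-seeking scraper could still lift. The page content and example.org addresses are constructed; it shows that switching the visible text to “at” does not help if a mailto: link behind it still carries the “@.”

```python
import re
from html.parser import HTMLParser

# Constructed sample contact page; the roles and addresses are made up.
SAMPLE_PAGE = """
<ul>
  <li>President: <a href="mailto:president@example.org">president at example.org</a></li>
  <li>Treasurer: treasurer at example.org</li>
  <li>Secretary: secretary@example.org</li>
</ul>
"""

# The simple "something@domain" pattern the article assumes scrapers search for.
ADDRESS = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class ContactPageAudit(HTMLParser):
    """Collects addresses that are still exposed with an '@' on a page."""

    def __init__(self):
        super().__init__()
        self.exposed = []  # list of (where it was found, address)

    def handle_starttag(self, tag, attrs):
        # A mailto: link keeps the real address even when the link text says "at".
        for name, value in attrs:
            if name == "href" and value and value.lower().startswith("mailto:"):
                for addr in ADDRESS.findall(value):
                    self.exposed.append(("mailto link", addr))

    def handle_data(self, data):
        # Plain text between tags, as a visitor would read it.
        for addr in ADDRESS.findall(data):
            self.exposed.append(("visible text", addr))


def audit(html):
    """Return every (location, address) pair still exposed in the HTML."""
    parser = ContactPageAudit()
    parser.feed(html)
    parser.close()
    return parser.exposed


if __name__ == "__main__":
    for where, addr in audit(SAMPLE_PAGE):
        print(f"{addr} is exposed in {where}")
```

In the sample, the treasurer's “at” address is not reported, while the president's is still exposed through the link even though the text a visitor sees uses “at.”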
Any other states or reporters that have been the victim of attempted phishing lately? Feel free to drop your tips for avoiding scams below.
Cassandra Caldarella from CoverCrow, Inc. passed me an example of a scam email she received in California. As you can see it lifts and fraudulently uses Tamara Houston’s name and information, but it is not a genuine request from CCRA. If you get a similar email from an association you love, it’s probably fake!
I read and learn about scams frequently. The terrible thing about a great scam is that it’s adaptable to almost any market or format. Court reporting’s got a wide range of people in it, from technological masterminds to the folks that only deal with the bare minimum that they need to know to do their job. This’ll be mostly for the latter! Here are a few common scams you may run across.
The check cashing scam. In American payments and banking, many of us still use checks. Always know where your check is coming from and get your guard up if the check is in the wrong amount. To very quickly run through this scam, someone will send you a check, usually “overpay” by hundreds or thousands of dollars, and then ask for some money back. In our banking system, the bank must release the money to you in one or two days, so most people look at their account and believe the check has cleared. So let’s say you get a $1,000 check. You deposit it and the bank lets you withdraw this instantly. The payer says “whoops, I overpaid, please wire me back $500.” No problem. You send the $500. It can take several weeks for the bank to discover the check is fraudulent. When they do, they deduct $1,000 from your account, and probably add a bounced check fee. So now you have an account that is negative $500, and you’re on the hook for it! This is not like credit theft where the bank must reimburse theft that isn’t your fault, and thousands upon thousands of dollars are lost through this common scam. For court reporters that deal with checks, you are a huge target for this scam.
The infected computer scam. All of a sudden your computer locks up or starts making noise. “Alert. Alert. Your computer is infected. Call Microsoft immediately.” The way this scam goes is someone has gotten a piece of malware on your computer OR they have tricked you into thinking that there is malware on your computer through a popup. Their goal is to get you to call the number and pay them some money to “fix” your computer. The major problem with this is that they are not Microsoft. They usually get you to give them access to your PC through remote PC services, and once they have that kind of access they may steal more information, mess up your PC more, or fix your problem. You’re basically at their mercy. To avoid that, your best bet is usually to NOT CALL, save your work, close all the windows on the computer, and try to restart the computer. CTRL + ALT + DELETE can help you bring up the task manager window on most Windows computers. You can view all the “processes” running on your computer. There’s a lot of stuff there you won’t recognize. In my experience, viruses are usually poorly named, like bwejrj.exe. Once you have ended the “bad” process, you can go to the “startup” tab, find it, and disable it there to make sure it doesn’t start when Windows starts. Once the virus is disabled in this manner, you can generally run your antivirus and your computer without worrying too much about it. If it’s not running and never set to run, it’s like it doesn’t exist. On older computers, you should use your search bar to find “msconfig.exe.” This is where the startup tab is on older computers. If you’re not good with computers and you’re using msconfig.exe, only use the “services” and “startup” tab. Don’t touch the other tabs. A family member once had a virus that closed all windows on the computer. By opening the task manager and tapping the delete key, I was able to kill the process (even though it kept closing task manager).
I’m firmly convinced that most malware is programmed poorly and that this trick will help you out. It’s much better than giving your money away to scammers. I’ll leave some screenshots for people that need to visualize it. Our computers are really important for our work, so having this basic knowledge up your sleeve is good.
The fake program scam. This is something we are seeing in gaming, and it’s probably only a matter of time before some scammer tries it on our software. Generally, these types of scams have to do with promising you that an application that is not made for your phone can be run on your phone, or unlocking some special feature in your software. So imagine a world where somebody comes out and says you can get CAT on your phone or you can unlock this super special feature if you just answer some survey questions. Wow! CAT software is so expensive and this feature sounds great. They might even send you a video of them doing it! Generally, the video is faked. What they are trying to do is get you to answer surveys or give up personal information so that they can sell that. Your time is wasted, they make money off your time, and you get nothing. If you’re really not sure, contact your manufacturer. Even if their logo is terrible, the chance they’re helping your scammer is basically nothing.
Gift cards and email scams. To break this one down, I’m going to explain that there are programs that “crawl” the internet looking for e-mails. Once they find an e-mail, automated messages can be sent out by the thousands from thousands of different e-mail addresses. So, for example, when you have something like the NCRA or NYSCRA board, our e-mails are public. We want members to have our e-mails. We want reporters in our state or field to be able to contact us. That’s just how it goes. We can try to put the [at] instead of the @ in our e-mail to throw off the crawler programs, but at the end of the day, scammers have access to our names. If you post your e-mail address publicly, these programs will similarly have access to your e-mail. You may get a fake e-mail that says it’s from your associations, or your association president. The biggest red flag with this scam is that it asks for money or a gift card. Gift cards are basically untraceable and once you send a gift card code to a scammer, that money’s gone. The best way to shield yourself is to never ever give gift card codes over e-mail. If you want to donate a gift card for an association event, it should be done by mail or in person at sanctioned and publicized events. I can’t stress enough that no volunteer board member is going to be asking you for gift cards over an e-mail with no context or clear reason, so do yourself a favor and hit delete. Please note there are variations of this scam where the scammer tries to tell you your friend or loved one is in prison and needs those gift cards immediately. Don’t let them toy with you. You’re smarter than that.
The subscription or spoof scam. Months ago someone wrote to me and stated “I never signed up for your blog, but I’m getting e-mails from it! Did XYZ Corporation sell my e-mail to you?!” No. This is a different type of scam in that it’s not so much money that’s at stake, but reputation. Someone can go to a subscription site and stick your e-mail in the box. They might be doing this with the intention to harass or annoy you, or they may be doing it with the intention to sour your feelings about the other party by getting you hit with unsolicited e-mails. There’s also a variant of this scam where the party may send you nasty e-mails pretending to be someone else, or post on an internet forum or subreddit pretending to be someone else. They can even use masking or spoofing to make it look like it’s coming from the person’s actual e-mail! So, if you’re getting bombarded by an unwanted subscription, take some time out to look for the unsubscribe link in the e-mail; most honest subscriptions have one. If you have any doubts about the authenticity of an e-mail, instead of replying directly, you can compose a new e-mail to the person. For example, let’s say you get an e-mail tomorrow from ChristopherDay227@gmail.com, but it’s saying horrible, nasty, hateful things. That’s very outside my character unless I’m having a nervous breakdown or deeply emotional moment. If you hit reply, you may send an e-mail back to the scammer who can continue to mess with you in my name. If you compose a brand new e-mail to ChristopherDay227@gmail.com, you’ll get me, at which point I can hopefully clear the whole thing up. Same thing goes for cellphones. Someone can make it look like they’re calling from my number very easily, but they can’t receive my calls without some serious hacking. This kind of thing is prevalent. I use myself as an example here, but it can happen to anyone. They can pretend to be your boss, your union president, your agency.
The good news is you can outsmart them pretty easily.
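An added example, not part of the original post, of checking a suspicious message before replying: it compares the sender’s domain with the association’s real one (NCRA.org versus NCRA.org.us, as in the scam described earlier) and flags replies that would go somewhere else. The sample message is constructed, and the Reply-To header is an assumed mechanism for the diverted reply.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real e-mail). Only the two NCRA domains
# come from the article; every name and address here is made up.
SAMPLE = """\
From: "Association President" <president@ncra.org.us>
Reply-To: giftcards.helper@example.net
To: member@example.com
Subject: Quick favor needed

Are you available? I need gift cards for a fundraiser today.
"""


def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def check_message(raw, expected_domain):
    """Return a list of warnings for a raw message claiming to be from expected_domain."""
    msg = message_from_string(raw)
    expected = expected_domain.lower()
    from_dom = domain_of(msg.get("From"))
    reply_dom = domain_of(msg.get("Reply-To"))
    warnings = []
    if from_dom != expected:
        if expected in from_dom:
            warnings.append(f"lookalike sender domain: {from_dom} (expected {expected})")
        else:
            warnings.append(f"unexpected sender domain: {from_dom or 'none'}")
    if reply_dom and reply_dom != from_dom:
        warnings.append(f"replies go to a different domain: {reply_dom}")
    # Gather the text of every non-container part so multipart mail also works.
    body = " ".join(str(p.get_payload()) for p in msg.walk() if not p.is_multipart())
    if "gift card" in body.lower():
        warnings.append("asks for gift cards")
    return warnings


if __name__ == "__main__":
    for warning in check_message(SAMPLE, "ncra.org"):
        print("WARNING:", warning)
```

A clean result does not prove a message is genuine, since the From line itself can be forged; composing a brand new e-mail to the address you already know remains the reliable check.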
The good news for court reporters is that the average scammer’s livelihood depends on scamming as many people as possible. This means that scams are not often tailored to our specific profession, and that can help raise red flags and identify scams. That said, knowing reporters who have fallen for these, and knowing we can prevent that, I feel it’s important to speak up and beat back the scammers. Reporters are, on average, getting older, and many of these scammers attempt to prey upon older people who may lead very busy lives and are not able to read about these scams. Many of our recruits are younger people who are often unaware of the myriad ways that people can try to take advantage of them. Divided, it might be easy enough for them to fool one or two people. Together, we can outsmart all of ’em.