The NJSBA cautions members against responding to deceptive emails designed to look like official Association communications. Members have reported receiving emails with the domain “njsba.com.virumail.com,” a scam address that is not affiliated with the NJSBA. Those who receive these messages should contact their IT department. Read on for guidance on what to do with phishing emails.
The scam looks like this:
• Fake email from "njsba.com.virumail.com" (notice the extra ".virrumail.com" – the tone of the email will be accurate as will most of the look and feel)
• Looks totally legitimate at first glance
• Goal is to get you to click links or give up information
Red flags to look for in your email:
• Unexpected urgent requests for action
• Requests for passwords or sensitive information
• Generic greetings instead of your actual name
• Links that don't go where they claim (hover to check)
What to Do If You Get Something Suspicious
Simple steps:
1. DON'T click anything or reply
2. Forward to IT at [security email] with "SUSPICIOUS" in subject
3. When in doubt, call the sender using a number you already have
4. Never use contact info from the suspicious email to verify
If you clicked something by mistake:
• Change passwords immediately
• Tell IT right away
• Don't be embarrassed - happens to everyone
Bottom Line
Bar Associations are being targeted because scammers know legal professionals handle sensitive data and large transactions. When something seems off, trust your gut and ask questions.