The NJSBA is aware of spoofed emails circulating that purport to be from NJSBA leadership regarding a "confidential matter." These emails often originate from fake domains (e.g., ending in @njsba.sendcrp.com) and ask members to confirm their phone number. These are scams. Please check the sender's email address carefully – only emails from @njsba.com are official NJSBA communications. If you are unsure, do not reply – email our Customer Service team at [email protected] directly to verify. Read on for guidance on what to do with phishing emails.
The scam looks like this:
• Fake email from "njsba.com. sendrcp.com,” (notice the extra "sendrcp.com,” " – the tone of the email will be accurate as will most of the look and feel)
• Looks totally legitimate at first glance
• Goal is to get you to click links or give up information
Red flags to look for in your email:
• Unexpected urgent requests for action
• Requests for passwords or sensitive information
• Generic greetings instead of your actual name
• Links that don't go where they claim (hover to check)
What to Do If You Get Something Suspicious
Simple steps:
1. DON'T click anything or reply
2. Forward to IT at [security email] with "SUSPICIOUS" in subject
3. When in doubt, call the sender using a number you already have
4. Never use contact info from the suspicious email to verify
If you clicked something by mistake:
• Change passwords immediately
• Tell IT right away
• Don't be embarrassed – it happens to everyone
Bottom Line
Bar associations are targeted because scammers know legal professionals handle sensitive data and large transactions. When something seems off, trust your gut and ask questions.