Ulistic Projects Blog

Attorneys have unique needs for the storage of information while needing to access data on clients and cases from remote locations. That’s why cloud computing has become such a popular option for lawyers. However, the value of cloud computing needs to be tempered with concerns about security and privacy.

Below is your 2019 introductory guide to cloud computing for lawyers.

What Is Cloud Computing?

Cloud computing is web-based, off-site storage of software and data, and is often referred to as software as a service (SaaS). It allows for access to files and software applications from most mobile devices if there’s an available internet connection.

Among some of the most popular commercial cloud-based storage solutions are Dropbox, Google Drive, OneDrive and iCloud. Some of these services are provided for free and others charge a nominal monthly or annual fee, usually based on the amount of storage required. Housing applications in the cloud usually is best done via a managed IT services provider that can configure and monitor the solution on your behalf.

What Are the Advantages to Cloud Computing?

Cloud computing helps busy attorneys stay connected to information critical to their work. Here’s a closer look at some of the core benefits of cloud computing for lawyers:

• Access. Attorneys are often working out of the office meeting with clients or appearing in court. When they need access to information, it’s usually an urgent situation. With cloud-based access, attorneys can access necessary information in the moment of need. Wherever there’s an internet connection, lawyers can immediately connect, without needing to email files to one’s self or using hard-to-use remote software to log in.
• Cost. Cloud computing is predictable and inexpensive, with a flat monthly or annual fee that allows for better collaboration, networking and storage.
• Backup. Cloud computing provides you with a reliable and protected digital backup of your files and applications, ensuring they are recoverable and usable in the event of software corruption, server failure, human error, natural disaster or cyber attack.
• Multi-Device Functionality. Cloud computing allows you to access information from any device (smartphones, laptops, desktops or tablets) or operating system. If you use a PC at the office and a Mac at home, there’s no issue.
• Less Internal IT Costs. When you use cloud solutions, you won’t have to buy, install and maintain servers and other equipment if you were hosting these applications and information yourself. Software licensing is often included in monthly managed IT services, which can monitor your software warranty and renewal terms and timing. Also, cloud solutions provide for automated updating and patching, meaning you’ll have access to new features and updated security measures. The cloud option means less burden on internal IT staffers or the need for expensive one-time service requests by third parties.
• E-Filing. When your firm needs to file materials with courts or government agencies, digital files — and remote access to them — makes e-filing simpler. There’s no need to convert paper to PDFs or hand-deliver information when required documents can be sent digitally.
• Scalability. Cloud computing allows for flexible expansion or contraction as your firm’s needs evolve. You quickly can add more storage or reduce your capacity. With the cloud, you will not have to scramble to buy, install and configure a new server or overbuy server space you do not need.
• Intuitive Use. Setting up a workstation for a new employee takes a lot of time, especially to install software and train them on applications. A cloud-based infrastructure means new users can be added or removed quickly. You can also reduce your PC purchase costs by using simpler devices that cost hundreds less.

How Is Information Secured in Cloud Computing?

Keeping information protected is a moral and legal obligation for attorneys. With cloud computing, you have added security functions and peace of mind.

Lawyers are obligated to provide “reasonable care” to prevent unauthorized disclosures or access to information. However, states have different definitions of “reasonable care” but generally include the following:

• Data encryption
• Use of current, best-practice technology
• Review of service providers’ requirements regarding data ownership and access

Cloud security features can ensure that data is encrypted while in transit or at rest, access is limited and suspicious activity is detected, quarantined and addressed before any serious damage occurs. Some law firms need to meet mandated guidelines for work with government agencies like the Department of Defense or the Central Intelligence Agency. In such cases, cloud security solutions are available that address those mandates through threat detection, machine learning and automated monitoring of data and applications.

What Are the Ethical Concerns Regarding Cloud Computing for Lawyers?

U.S. state ethics commissions have ruled that cloud computing is ethical, as long as the “reasonable steps” and conditions are met. According to a recent article by the American Bar Association, the Iowa Committee on Practice Ethics and Guidelines issued suggested questions attorneys should ask themselves and service providers:

• Will I have unrestricted access to the stored data?
• Have I stored the data elsewhere so that if access to my data is denied I can acquire the data via another source?
• Have I performed due diligence regarding the company that will be storing my data?
• Is it a solid company with an excellent operating record, and is its service recommended by others in the field?
• In which country and state is it located, and where does it do business?
• Does its end user’s licensing agreement (EULA) contain legal restrictions regarding its responsibility or liability, choice of law or forum, or limitation on damages?
• Likewise, does its EULA grant it proprietary or user rights over my data?
• What is the cost of the service, how is it paid, and what happens in the event of nonpayment?
• In the event of a financial default, will I lose access to the data, does it become the property of the SaaS company, or is the data destroyed?
• How do I terminate the relationship with the SaaS company?
• What type of notice does the EULA require?
• How do I retrieve my data, and does the SaaS company retain copies?
• Are passwords required to access the program that contains my data?
• Who has access to the passwords?
• Will the public have access to my data?
• If I allow nonclients access to a portion of the data, will they have access to other data that I want to be protected?
• Recognizing that some data will require a higher degree of protection than other data, will I have the ability to encrypt certain data using higher-level encryption tools of my choosing?

Attorneys can gain considerable benefits with a cloud computing solution. Knowing the benefits, security provisions and due diligence to be done will help attorneys make an informed decision that keeps information accessible and safe.

Imagine waking up one day only to realize that the company you work for has been hacked. Your files are missing, bank accounts are hijacked, and sensitive information is on the loose. Although this sounds like a rare situation, it has become more prevalent in this day and age. While there are some solutions to catching hijackers and cybercriminals, the damage done can be quite extensive. Furthermore, cyber attackers can now attack a company from many different angles. This is why, today more than ever, it is extremely important to understand cybersecurity best practices and to make sure you’re staying as protected as possible. However, cybersecurity isn’t only about protecting your infrastructure and device endpoints. There are other assets that cyber attackers have been focused on — employees. While there are many employees trained in cybersecurity best practices, many employees act carelessly when it comes to staying protected. Employees may not care about protecting the company or they may not know how to best protect their information. Whatever the case may be, ensuring top-notch cyber protection at the workplace can help prevent a disaster. Not only can a hijacking lead to the release of confidential information, but it can also result in the termination of an employee. In this post, we’ll discuss 5 cybersecurity tips for employees.

Keep an Eye on Your Devices

A top method for a cyber attack starts with the theft of important devices. Whether it’s a phone, computer, tablet, or even a notebook, these all can contain valuable information that might be used for a cyberattack. No matter how small your business is, keeping your devices safe is a best practice to follow. Devices such as laptops are very important to keep an eye on, as these can be used to stir up a great deal of confidential information. In addition, if you don’t need a password to enter into your device, it makes it that much easier for a cyberattacker to access very important material. Therefore, it’s always best to keep a close eye on your devices. If you have your devices in a public place, always have them in an arms reach. If you have to step away for a few minutes, take your devices with you. However, watching your stuff doesn’t only pertain to being in public. Even at the workplace, things get stolen and devices get hijacked. Always keep a close eye on your phone, laptop, and other devices. While this mostly pertains to large companies with many employees, small businesses too are also at risk. It’s best practice not to get careless with your devices and to always know where they are.

Practice Proper Web Browsing Techniques

Another popular way for cyberattackers to make their money happens when employees carelessly use the web. While an employee may feel that they’re doing nothing wrong, an attacker may take advantage of their careless mistakes. While there are some obvious threats that you know not to fall for, other threats aren’t so apparent. Keep reading to find out some common threats to be aware of while browsing the web.

Maladvertising

This threat is a type of malicious code that distributes malware through online advertising. This can be hidden within an ad, included with software downloads, or embedded on a web page. What makes this so threatening is that maladvertising can be displayed on any website, even ones thought to be trustworthy.

Social Media Scams

With the explosion of social media in the last 10 years, cyberattackers have been hard at work developing scamming techniques. Whether it’s through click-jacking, phishing techniques, fake pages, or rogue applications, hackers have been very successful with these social media scams. While Facebook is a common platform used for hacking, Twitter also poses many threats. This is because Twitter is both a microblogging site and also a search engine.

Web Browsing Tips

• Don’t click on any ads or links that seem fishy
• Don’t click on links in emails
• Only interact with well-known sites
• Confirm you’re using non-fraudulent sites
• Be cautious with online downloads

Keep Mobile Devices Secure

While you might think that the biggest threat to cyberattacks involves the use of your computer, your mobile devices are also something to pay attention to. With the growing sophistication of cell phones, tablets, and laptops, hackers are chomping at the bit trying to get their hands on any of these devices. Cell phones are basically a mini-computer nowadays and tons of confidential information can be easily assessable on them. This is why mobile security is more important than ever. However, given the small size of these devices, it poses many challenges to stay safe. Since laptops and phones are getting smaller by the day, it’s now harder to keep an eye on these devices, in addition to trying not to lose them. However, there are multiple security measures you can take to ensure that your mobile devices are secure. From security apps to creative passwords, there are numerous things you can do to keep these cyberattackers at bay. Take a look at a few of these solutions below:

• Keep Devices Clean — As with most things in life, a good cleaning is usually beneficial. Same goes for your mobile devices. With so much information on such a small device, it’s vital that you clean up your device from time to time by deleting files and using an antivirus program.
• Setup a Passcode — Sometimes all it takes to stay protected from a cyberattacker is a strong password. This is the first thing that the attacker has to crack, so this is your first line of defense. Make the password unique and difficult to guess.

Keep a Clean Desk

Another tip for staying safe in the workplace involves cleaning your desk. It may sound so simple, but a messy desk has a strong chance of obtaining some important information. Remember that note you got from your boss last month? How about those files that were put on your desk last Tuesday? If you forget about these materials and they contain some confidential information, you could risk a cyberattack. Furthermore, if someone steals something from your messy desk, it can be very difficult to notice. Sometimes days or even months go by before you notice that note is missing or that folder isn’t there anymore. While you’ve gone a long period of time without even knowing these materials went missing, you could already be a victim of a cyberattack. Here are some other common mistakes to avoid:

• Leaving USB drives or phones out in the open
• Writing down usernames and passwords and leaving them on your desk
• Leaving credit cards out in the open
• Forgetting to erase notes
• Leaving confidential papers on your desk for extended periods of time
• Forgetting to lock a cabinet or drawer

Be sure to avoid these mistakes as they can make it that much easier for a cyberattacker to access your important information.

Beware of Phishing Attacks

Phishing is a fraudulent practice that involves emails being sent to entities to induce the exposure of credit card numbers, usernames and passwords, or other valuable information. Attackers may pose to be friends, family, or trusted businesses in order to gain information from an employee. Another tactic that makes these attackers successful is the appearance of authority. They may mention something requested by the CEO or something that involves some of the higher-ups. Since employees never want to disappoint the CEO, falling victim to these attacks is common. While it’s very common for an attacker to try to impersonate someone else, they might take another approach. Sometimes links are embedded into emails that will redirect the employee to a fraudulent web page, or sometimes the attacker might attach a file that can expose confidential information if downloaded. Understanding these different methods used by hijackers can help protect you from a cyber disaster. Take a look at a few other best practices below:

• Verify suspicious email requests by contacting them directly
• Utilize malware and antivirus protection programs
• Check the security of websites
• NEVER reveal personal or financial information via email

While phishing is a common technique used by cyberattackers, understanding how to protect yourself can make you well-prepared for anything that comes your way.

Say Goodbye to Cyberattackers!

Even with the many methods of attack for these cyber-hijackers, there are many things you can do to ensure you’re staying protected. While following the list above will get you well on your way to staying educated on the topic, your employers should also consider training their employees on best practices. Even if it’s done once a year, cyberattack trainings can go a very long way. Try talking to your boss about it in the next meeting or go the extra mile and talk to your whole team about it in a group discussion. Another method of protection involves hiring a company that specializes in cybersecurity. These companies are growing by the second and there are many services available for both large and small businesses. Whether you seek external resources for your cybersecurity efforts or you prefer an in-house approach, cybersecurity is something not to shy away from. Not only can a cyberattack lead to lost revenue and the exposure of confidential information, but it can also send a company burning to the ground. By using the five tips mentioned above, employees can stay safe from the trickery of cyberattackers.

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

Don’t Get Tricked By TrickBot

TrickBot is up to its tricks again. Once cyber experts get a handle on it, TrickBot releases new modules that advance its capabilities. Here’s what you need to know to protect your organization from TrickBot.

What Is TrickBot?

The Multi-State Information Sharing and Analysis Center (MS-ISAC) recently released a security primer on TrickBot. Originally developed in 2016 as a Windows-based banking Trojan, TrickBot has recently advanced its capabilities.

TrickBot is a modular banking trojan that targets user financial information and acts as a vehicle for other malware. It uses Man-in-the-Browser attacks to steal financial information such as login credentials for online banking sessions. (The majority of financial institutions consider Man In The Browser attacks as the greatest threat to online banking.)

Malware developers are continuously releasing new modules and versions of TrickBot— And they’ve done this once again.

How Is TrickBot Distributed?

TrickBot is disseminated via malspam campaigns. Malspam is a combination of malware and spam. It’s usually delivered through phishing or spear-phishing emails. Its goal is to exploit computers for financial gain.

These malspam campaigns send unsolicited emails that direct users to download malware from malicious websites or trick the user into opening malware through an attachment.

TrickBot is also dropped as a secondary payload by other malware such as Emotet. Some of TrickBot’s modules abuse the Server Message Block (SMB) Protocol to spread the malware laterally across a network. (SMB is an application-layer network protocol that facilitates network communication while providing shared access to client files, printers and serial ports.)

The developers behind TrickBot have continue to add more features via modules to this potent trojan virus. It can download new modules that allow it to evolve if left unchecked.

How Does The TrickBot Malspam Campaign Work?

The malspam campaigns that deliver TrickBot use third-party branding looks familiar to you and your staff such as invoices from accounting and financial firms. The emails typically include an attachment, such as a Microsoft Word or Excel document. If you open the attachment, it will execute and run a script to download the TrickBot malware.

And, TrickBot is really tricky. It runs checks to ensure that it isn’t put in a sandboxed (quarantined) environment. Then it attempts to disable your antivirus programs like Microsoft’s Windows Defender.

And even worse, TrickBot redeploys itself in the “%AppData%” folder and creates a scheduled task that provides persistence. Persistence is the continuance of the effect after its cause is removed. So, even after you remove TrickBot, it can still create problems.

What Happens If Your Network Gets Infected With TrickBot?

TrickBot’s modules steal banking information, perform system/network reconnaissance, harvest credentials and can propagate throughout your network.

TrickBot:

• Will harvest your system information so that the attacker knows what’s running on your network.
• Compares all files on your disk against a list of file extensions.
• Collects more system information and maps out your network.
• Harvests browser data such as cookies and browser configurations.
• Steals credentials and configuration data from domain controllers.
• Auto fills data, history, and other information from browsers as well as software applications.
• Accesses saved Microsoft Outlook credentials by querying several registry keys.
• Force-enables authentication and scrapes credentials.
• Uses these credentials to spread TrickBot laterally across your networks.

What’s New With TrickBot?

In November 2018, a module was developed and added that gave TrickBot the ability to steal credentials from popular applications such as Filezilla, Microsoft Outlook, and WinSCP.

In January 2019, three new applications were targeted for credential grabbing: VNC, Putty, and RDP.

In addition, it can also steal credentials and artifacts from multiple web browsers (Google Chrome/Mozilla Firefox/Internet Explorer/Microsoft Edge) including your browsing history, cookies, autofills, and HTTP Posts.

How Can You Protect Your Organization From TrickBot?

We recommend that you contact us and arrange for the following to protect against the TrickBot malware:

• Implement filters at the email gateway to filter out emails with known malspam indicators such as known malicious subject lines, and block suspicious IP addresses at the firewall.
• Use managed antivirus programs on clients and servers, with automatic updates of signatures and software. Off-the-shelf antivirus isn’t enough.
• Arrange for vulnerability scans to detect TrickBot or other malware threats that are hiding in your IT systems.
• Apply appropriate patches and updates immediately after they are released.
• Provide Security Awareness Training for your users. Regular training will ensure that they can recognize social engineering/phishing attempts, and refrain from opening attachments from unverified senders.
• Help you employ a Password Management solution so your usernames and passwords aren’t disclosed to unsolicited requests.
• Deploy a managed Anti-Spam/Malware Solution with the latest signature and detection rules.
• Review security logs for indicators of TrickBot. If any are found, we can isolate the host and begin investigation and remediation procedures.
• Make sure you adhere to the principle of least privilege, ensuring that users have the minimum level of access required to accomplish their duties. We’ll also limit administrative credentials to designated administrators.
• Implement Domain-Based Message Authentication, Reporting & Conformance (DMARC). This is a validation system that minimizes spam emails by detecting email spoofing using Domain Name System (DNS) records and digital signatures.
• If you don’t have a policy regarding suspicious emails, we can help you create one and specify that all suspicious emails should be reported to security and/or IT departments.
• And more…

Don’t let TrickBot use its tricks to steal your confidential data. Contact us for comprehensive IT Security Analysis and Remediation to keep TrickBot out of your network.

Creating a business continuity plan is one of the most important things a company can do.

Business continuity ensures that your business is back up and running after a critical disruption, such as a natural disaster or cyberattack.

What Is Business Continuity?

Business continuity is a big-picture approach that ensures normal business operations are continued during an emergency. It’s designed to identify and mitigate risks, assign roles and provide clear communication to key parties.

Why Is Business Continuity Important?

Business continuity allows your business to keep running during or soon after a crisis. Not having a business continuity plan carries great risks, including:

• Loss of customers
• Extended downtime and subsequent revenue loss
• Reputation erosion
• Regulatory non-compliance

Creating a business continuity plan helps you maintain control and calm in what may otherwise be a chaotic environment.

What Are the Components of a Business Continuity Plan?

There are several core components of a business continuity plan:

• Identify the team
• Understand data
• Assess and rank risks
• Prioritize essential services
• Price and build solutions
• Develop policies and communicate
• Test and refine

Each of these steps helps to create a broader understanding of both the threats and how the company addresses them should they materialize.

How Do You Build a Continuity Team?

Business continuity needs to begin at the highest leadership levels and buy-in needs to be built at every level. Every department or business unit should be involved in order to provide perspective on what’s most important and critical across the company.

The team should comprise members who have a deep understanding of how the business works, make good decisions and communicate clearly. This team may be different from a disaster recovery team, which focuses on remediation — dealing with an emergency when it materializes.

How Does Data Fit In?

Understand your data is crucial, especially when risks and solutions become clearer. It’s important to understand what data your company has, especially information that is personal or proprietary.

Your company needs to understand how the data is collected and formatted, where it’s stored, who has access and how it’s accessed.

How Do We Identify Risks?

Risks can take on many forms, some of which are more severe than others. While most people consider natural disasters and cyberattacks as the most common threats, there are other risks that present a threat to the enterprise. Some of these other risks need to be addressed immediately, just like a fire or ransomware attack.

It’s worth repeating that business continuity is about keeping the business operational while the threat is being addressed. These risks include:

• Natural disasters
• Cyber attacks
• Data loss or theft
• Employee error
• Emerging competitors
• Shifting market conditions
• Political changes or legislative action
• Loss of customers or crucial staff

The assessment phase requires identifying the risks and ranking them. Companies should determine the following for each risk:

• Likelihood of occurring
• Potential impacts e.g. financial, reputational, regulatory

Some models define risk as the product of the two (Risk = Likelihood x Impact).

How Are Risks Prioritized?

Once the risks are identified, they need to be prioritized. The most urgent risks should be given the highest priority. One way to think about risk is to consider the services that are most essential to your business viability. Is it the production of goods or services that your customers depend on? What about processes that need to be carried out for regulatory compliance?

Part of this assessment should include the impact of incidents on your most important customers. How likely are they to leave? What do they need that you provide to them?

Next, your teams need to create solutions to the most urgent risks. These may involve recovering key data and restoring online access to applications. They may require new IT solutions that strengthen network protection and monitor activity.

The identified solutions need to be priced before the company chooses which risk mitigation work should be financed first. Cost and feasibility may require a reprioritization of the risks.

When Do We Create Policy and Processes?

An important component of business continuity is developing the governance policies around governance during and after an emergency, how communications flow and from whom, and what systems are prioritized. The processes detail roles and actions to take at each phase of disaster recovery.

Once these documents are created, it’s important to share them and educate employees about what they mean. Understanding these processes before an incident occurs helps employees to react more effectively.

How Do You Know If Your Plan Works?

Testing is an important part of business continuity. Simulated drills can identify how employees perform, how effective the plan is and what needs to be changed. The value of a business continuity plan comes from continual reassessment, reprioritization, retesting and revising.

Disasters and incidents can derail companies in many ways. Business continuity planning helps minimize those impacts on your company and keeps you running during and after an emergency. To learn more about business continuity planning, download this free template.

Email is one of the primary forms of communication for today’s active businessperson, but there are certainly some challenges when you’re on the go. It’s not unusual to start an email on one device and save it as a draft to finish up later from your desktop. This productivity hack allows you to quickly jot down ideas on your mobile phone and save the email for further refinement when you’re back in the office. See some additional best practices for keeping your email synced across devices.

The Rise of Mobile Email

The share of global web pages served to mobile phones has changed dramatically over the past 10 years, from less than 3% in 2010 to over 52.2% (and climbing!) in 2018 according to Statista. This doesn’t even include tablet traffic, which accounts for approximately another 10% of traffic in the United States. The same shift can also be seen in email, with the percentage of emails being opened on mobile devices growing to 55% or greater. Return Path, an email data aggregator, shared that the converse is true for emails opened within an internet browser; this number has dropped from 37% in 2012 to 28% in 2017. These dramatic shifts are representative of the way we create emails, too.

The End of Poorly-Worded Mobile Messages?

While it would be great to note that the increased ability to work cross-platform would mean that you’re less likely to receive poorly-worded, autocorrected emails that originated on a mobile phone, but that’s probably too much to ask. However, the ease with which you can save messages for later editing and sending may reduce the possibility that it’s obvious your email was jotted down on a mobile phone. Business professionals are more likely to take the time to create a well-written message that covers the necessary points when they’re able to re-read the note on their laptop. Few people are able to flawlessly compose a thoughtful email message on a 4″ mobile screen.

Taking Control of Your Inbox

It’s all too easy to allow your inbox to control your life and make you extremely reactive, especially when your emails are close to hand at all times on your mobile devices. It’s essential to stay organized to reduce the possibility that you’ll miss replying to an important message when you’re on the go. Try using labels for “Need to Reply” or “Respond Tomorrow” that will prompt you to draft a reply the next time you’re in the office.

Don’t lose productivity when you’re out of the office — simply jot notes to yourself for later refinement! You’ll love this time-saving trick, and your email recipients will appreciate that your emails have had a few minutes of review and editing before they’re fired out of your Sent mailbox.

Great news! You’ve posted a batch of pricey items from your business on Craigslist, and someone has offered to purchase the lot. However, when you receive the check you realize it’s not for precisely the right amount. Perhaps you contact the seller to get a revised check — and they are so accommodating that they trust you to deposit the full amount and then wire them the difference. You’ve sold your excess inventory or goods and have payment in hand, so where’s the concern?

Unfortunately, this all the hallmarks of a traditional fake check scam. Selling online is one of the three scenarios where you are most likely to find a check scammer, but it pays to always be aware that this could be a possibility. Fake checks are rampant in today’s culture, with scammers making off with millions of dollars on a regular basis. The Better Business Bureau (BBB) estimates that over 500,000 Americans are the victims of swindles involving counterfeit checks, costing each victim an average of $1,200.

How Fake Check Scams Work

First of all, there really isn’t a legitimate reason for someone to ask you to wire money back to them after handing you a check. None. If someone requests this of you, your first thought should be that there is something fishy going on — whether it’s a business or personal situation. The checks that these individuals will pass to you look completely real; even cashier’s checks that portend to be certified by a bank. Unfortunately, you’re responsible for funds from the check that you’ve deposited. This means that you will be liable for the entire amount that you wire to the criminals. Some variations of fake check scams include:

• Foreign lottery: Congratulations! You’re the winner of a (fake) lottery. Here’s your prize money!
• During the job application process you’re asked to submit a check for an application fee.
• An online buyer requests you to set up an account for them to deposit payments into

Scammers are taking advantage of your trusting nature — something that you simply cannot afford to have in today’s society.

Your Liability With a Fake Check Scam

You might think that your liability is limited in the event of a fake check scam, but the opposite is true. While your bank may make deposited funds available to you immediately or within a few days, they are simply acting in good faith that the funds are available from the check you’ve deposited. When it turns out that the check is fraudulent, by federal law you are responsible for any funds that are withdrawn against the check. It often takes weeks to untangle the conspiracy around a fake check, and banks are perfectly within their rights to withhold funds from your use to equal the amount you’ve overdrawn during that period.

Protecting Yourself from Fake Check Scams

Other than simply never accepting a check, there are a few ways to stay safe from this particular type of fraud. Any offer that asks you to submit payment to receive a prize or gift should be immediately tossed. It’s always a good idea to limit how and where you are wiring money — both personally and as a part of your daily business dealings. It’s never a good idea to accept payments that are greater than the amount you’ve requested for a particular online sale, and consider using an escrow service or other third-party payment strategies for more substantial online sales. When you’re working with a new vendor for the first time, it doesn’t hurt to quickly check out their customer service number and even Google their location to ensure that it is on the up-and-up. Avoid any exceptional offer that purports to only be available for a “limited time,” where the buyer is putting extensive pressure on you to act immediately. These are rarely legitimate, and can cause you much more frustration in the future.

The hard fact is that scammers are everywhere, and if something seems too good to be true — it probably is! If you think you have been a victim of a counterfeit check scam, you can report the issue to several government agencies including: U.S. Postal Inspection Service, the Federal Trade Commission and local authorities. Even though it may not save you from losing any funds, you can potentially stop the fraudsters from targeting others in the future.