Back to news
Cybersecurity Alert
June 22, 2026 by EmailMeNow IT Consulting

State Bar Speakers Warn Texas Lawyers: Phishing Is Social Engineering — Email Authentication Is Still Your First Line

At the State Bar of Texas annual meeting in Houston, Justice Lawrence Doss and Carrie Phaneuf of Texas Lawyers Insurance Exchange outlined four real-world scams targeting attorneys — and why antivirus cannot stop emails that look legitimate.

Source: Texas Lawyer / Law.com

PhishingWire FraudLaw FirmsTexasTDRPCSocial Engineering
Texas law firm cybersecurity and phishing awareness concept

At the State Bar of Texas annual meeting in Houston, Justice Lawrence Doss of the Seventh Court of Appeals of Texas and Carrie Phaneuf, vice president of loss prevention at Texas Lawyers Insurance Exchange (TLIE), delivered a timely session on “Scams & Phishing Emails Targeting Lawyers & How to Avoid Them.”

It was a strong reminder that better IT security for lawyers is not optional — it is part of professional responsibility.

Read the original coverage:
Cyberattacks Against Lawyers Are Growing More Sophisticated, Officials Warn — Texas Lawyer / Law.com

What the speakers emphasized

Texas attorneys face attacks that exploit how law firms actually work: hierarchy, deadline pressure, and routine familiarity with files and messages. Criminals no longer rely on obvious “Nigerian Prince” templates. As Justice Doss put it, AI-trained phishing can make communications “resemble exactly what you would expect.”

Phaneuf stressed that everyone is a target — and that smaller firms may be especially attractive because they often lack dedicated security staff. Outgoing State Bar president Santos Vargas noted that Texas attorneys have already lost millions of dollars to fraudulent wire transfers.

The ethical frame is clear. Texas lawyers have been required to maintain technological competence since 2019 under the Texas Disciplinary Rules of Professional Conduct (TDRPC). Doss described the standard as practical, not expert-level: attorneys must make “reasonable efforts” and do “what a reasonable attorney would do under similar circumstances.” That includes understanding how tools like generative AI handle client data — not becoming IT specialists.

Four scam scenarios every firm should know

The session walked through four threat patterns drawn from FBI alerts and real insurance claims:

1. Silent Ransom Group (fake invoices)

Illustration: law firm bookkeeper reviewing a spoofed trust-account change

Criminals send fake invoices or account alerts to trigger a callback. When staff respond, attackers deliver malicious links or software and gain remote access.

2. Two-factor authentication bypass

Illustration: paralegal facing a fake firm intranet reset email

Callers impersonate banks or vendors and pressure staff to click links or share credentials — intercepting authentication codes to reset passwords and access financial accounts.

3. Fake client / bad check refund

Illustration: settlement term sheet exposed on an unencrypted mail path

A “prospective client” agrees to any retainer, sends a check, then demands a quick refund before it clears — leaving the firm out of funds and exposing bank routing details.

4. Thomas v. Corbyn — spoofed firm email ($475K wire)

Illustration: client caught on a fake law firm extranet login

In a 2025 California case cited in the session, criminals altered two letters in a law firm’s email address, redirected a $475,000 settlement wire, and the defense firm was held liable under the imposter rule. Phaneuf summarized the principle: the party best positioned to spot the fraud bears the risk.

Training and verification matter as much as software:

  • Verify payment instruction changes out of band — call a number from the State Bar listing, the firm’s own website, or prior court filings, never from the suspicious message.
  • Never send or accept wire instructions by email alone.
  • Run staff training monthly or quarterly, not once a year — supervising attorneys remain responsible under disciplinary rules.
  • Maintain separate backups, require MFA, patch quickly, and audit email for unauthorized forwarding rules.
  • Review professional liability and cyber endorsements — many policies exclude wire fraud without specific coverage and may require portal-based verification.

Justice Doss offered a simple pause rule: “Their crisis is not your crisis.” If something feels off, stop and call before you act.

Why antivirus is not enough — and what you can document today

Phaneuf’s line landed hardest for IT-minded listeners: “Antivirus software cannot detect social engineering. It doesn’t know the difference between a fraudulent email and a legitimate one.”

That is why email authentication still matters. When your domain lacks DMARC enforcement, SPF, and DKIM, criminals can send messages that look like they came from your firm — the exact pattern behind the Thomas v. Corbyn scenario. Lookalike domains (two-letter swaps, hyphen tricks, TLD variations) are a separate but related risk.

You cannot train your way out of a domain that is trivial to spoof. You can document the technical controls you have in place — which supports the reasonable efforts standard Doss described and aligns with Texas SB 2610 program documentation for firms that maintain written cybersecurity programs.

Free law-firm audit — Texas preset

Run a 60-second domain security scan built for Texas law firms:

audit.emailmenow.com/?industry=law-firms&state=texas

The free scan checks DMARC, SPF, DKIM, MTA-STS, TLS, and related web transport controls. Unlocked reports add law-firm-specific threat narratives, remediation steps, and Texas SB 2610 context — plus deep links to check compromised credentials (Have I Been Pwned) and lookalike domains (Have I Been Squatted) when you audit by email or domain.

This is technical readiness mapping, not legal advice. It does not replace TLIE’s guidance on wire verification, insurance endorsements, or staff training — it complements them with evidence you can hand to IT counsel or your malpractice carrier.

Need hands-on help? Contact EmailMeNow IT Consulting for wire-fraud prevention reviews, phishing training, and SB 2610 documentation support.


Original source:
Cyberattacks Against Lawyers Are Growing More Sophisticated, Officials Warn — Laura Lorek, Texas Lawyer (Jun 16, 2026)