Sunday, March 29, 2020

Legal Ethics and Lawyer Scammers Do Not Take COVID Holidays

The COVD-19 Virus

I love it when a ready-made blog topic drops right into my lap.  Not that I’m lacking for ideas.  My Evernote “Blogs” note currently has 41 topic subjects of varying complexity awaiting my attention.  But stuck at home the last two weeks in my COVID-19 bunker, I have been seeking inspiration for a novel.  A novel coronavirus legal ethics topic, that is.  And Friday, it arrived, directly to my in-box.  An e-mail message from Alejandro Hernandez, the Managing Director of Jorhe Technologies Group, Inc.:

From: Alejandro Hernandez []
Sent: Friday, March 27, 2020 12:09 PM
To: Charles Luce
Subject: Attorney Required

Good day Charles,
My name is Alejandro Hernandez, Managing Director of Jorhe Technologies Group.
I want to find out if your firm handles Copyright Infringement Cases. A long time business associate of ours has violated our copyright agreement and we need a
lawyer to handle this matter urgently.please stay safe out there in this hard times.

We are prepared to pay your retainer fees and we will also send you other important and 
sensitive documents.

Best Regards,
Alejandro Hernandez
Managing Director
Jorhe Technologies Group, Inc.
Tel: +52 (15) 5457 23323
Direct Tel: +52 66 7690 3628

Of course it was a scam, and a really old one.  I first lectured about this variety of lawyer scam – the “dear counselor” con – at CLE International’s 14th Annual Ethics Conference, on Pearl Harbor Day 2009, and it was old even then.  This e-mail had all the classic hallmarks:

1.       It came out of the blue;

2.       It was from a company I, and no one else, has ever heard of;

3.       It suggested, but did not outright state, it was from a foreign country (the +52 country code is Mexico, if the sender’s nom de scam wasn’t blatant enough);

4.       It used the word “urgently”; and

5.       It offered, without prompting, to pay my “retainer fees and to “send [me] other important and sensitive documents.”

In a particularly nice and timely touch, the opening paragraph had added to the end of the undoubtedly cribbed copy from which it was derived an oblique reference to the ongoing pandemic: “please stay safe out there in this hard times.” “Alejandro” had even taken the time to research at my credentials and learn that I practice copyright law.

Of course I was not going to respond.  But I do have a soft spot for such phishermen, particularly ones that demonstrate some initiative in dusting off and updating really, really old lawyer trust account scams.  So I studied the message a bit.

There were no obvious errors, apart from the fact that the only sentence which had been added to this oldie-goldie lacked even a single space before it and contained a grammatical flub: “in this hard times,” instead of “in these hard times.”  But I was not going to be a grammar-slammer or deduct more than a couple of points for a minor error.

I moused-over the e-mail header and the hypertext link, looking for a redirect to another website.  I found none.  Also there were no subtle letter transpositions or other tricks of the phishing trade, such as substituting “0” for “O.”  Ten Points to Slytherin!

Jorhe Technologies' "Recent Enagements" Page


Next, I Googled “Jorhe Technologies Group,” which usually leads to the website of a real company with which the scammer is definitely not associated.  I found an impressive one.  Well, sort of.  The animated graphics on the home page and the typeface used in the “Services” menu are vintage –1970s or early 1980s , reminiscent of the dated computer graphics and fonts you see in movies of the period, like War Games (1983) and Colossus: The Forbin Project (1970).                                                               

But there was depth to this website.  The list of “Recent Engagements” and"Tech Partnerships" was impressive:  Microsoft Azure.  Amazon Web Services.  Google Cloud Platform.  At the bottom of this page there was a photo of a smiling “Amanda, Sales Representative,” waiting to “Schedule a call now.”  Who could resist that invitation?  True, Amanda looked a shade too pale to be living under the Mexican sun.  But the photo is small, and she does seem to have a nice tan.  Amanda might be an ex-pat, or working remotely up north.  Whatever.  I certainly didn’t want the scammer to think I was a racist or xenophobe.


The Google search results for “Jorhe Technologies Group” demonstrated impressive SEO: Top of page one!  Of course it was also the only “Jorhe Technologies Group,” which wasn’t surprising.

Goolge Search Result for "Jorhe Technologies Group, Inc."

Next stop: a WHOIS search  My favorite resource for domain name look-ups is the mother ship: the domain name search engine for ICANN.  ICANN is the acronym for the Internet Corporation for Assigned Names and Numbers, a U.S.-based organization responsible for coordinating domain names on the Internet.  All domain name registration data leads back to ICANN’s WHOIS engine.  My search there revealed that had been “Created: 2020-02-14 14:04:36 UTC” and was hosted by “DNS1.NAMECHEAPHOSTING.COM.”   Really.  You can’t make this stuff up.  No identifying ownership information was available – another tell, as if more was need.
ICANN WHOIS Domain Registration Record

I was impressed!  A technology company, listing, or at least suggesting, affiliations with the titans of the hi-tech industry, and whose website boasts and details numerous complex projects and accomplishments, so busy that it could not get around to building its own website until Valentine’s Day 2020.  This company is going places.  The heck with your legal work!  Where can I buy your company’s stock, Alejandro?!

However, as I surfed Jorhe Technologies’ site a bit more, some curious mouse-overs kept appearing – for “Icalia Labs,” which appears to be a real technology company located in Austin, Texas.  Even sweet, smiling Amanda was revealed by a mouse-over to be an “Icalia Labs Contact.”  

All became clear when I found and reviewed the Icalia Labs site.   Rather than point to a real company’s website, the usual play for this scam, “Alejandro” had built his bogus website by copying and revising Icalia Labs’ website’s source code.  All of it.   Alas for Alejandro, the source code on his Jorhe website revealed he had missed changing the metadata, which was still rife with “Icalia Labs” references in the alternative text used for mouse-overs.

If you're going to rip off HTML code, don't forget to change the metadata!

It was then I realized that, like me, Poor Alejandro was probably stuck somewhere under a “shelter in place” order, too, and had way too much time on his hands.  Indeed, even in the processing of drafting this blog, the Jorhe Technologies Group “About” page, which I initially captured as a 404 error page, was updated.  Actually it was created.  The one page not pirated from Icalia Labs, whose website has no “About” page.  (However, virtually all of the text was ripped off from Tiempo Development’s AWS profile page.)  I imagined the scammer’s wife yelling at him, “Alejandro!  The ‘About Page’ is broken.  Fix it.  Now!”  And he did.  Pobre Alejandro!

"Jorhe Technologies" Cloned Contact Page with Icalia Labs Alternative Mouse-Over Text

The Genuine Icalia Labs Contact Page (also with the Icalia Labs Alternative Mouse-Over Text)
I briefly toyed with the idea of contacting Alejandro and asking if he would consent to be interviewed for this blog about the life of a law firm scammer.  I would like to know his rake – his ROI, and perhaps the names of some of the firms he had on the hook.  We know from the anecdotes that get reported that a few past scores from the “dear counselor” scam have been substantial.  Apparently the phishing is still good in age of Coronavirus. 

Law firms who have been scammed are a favorite subject of Internet blogs.  Schadenfreude sells.  This ground has been plowed so many times there is really nothing new to write about it.  The Texas Bar Blog cataloged dozens of similar ploys just 6 days after Alejandro opened for business.  The Illinois Bar has described the elements of the “dear counselor we need a lawyer in your jurisdiction” scam in detail. maintains a depository of such scam e-mails, and there is an entire blog devoted solely to collecting attorney e-mail scams.

As matter of legal ethics, the “dear counselor” scam creates multiple issues for any Colorado lawyer or law firm that falls for it and remits to the scammer real dollars from its trust account in exchange for the phony wire transfer or bad check given as a “retainer” by the scammer.  The “sting” occurs  when the scammer advises the lawyer, as it inevitably will, that it has resolved the dispute which the lawyer was engaged to handle, and instructs the lawyer to keep a generous fee for herself, and to promptly remit the balance of the scammer’s trust account by wire transfer.

Apart from the deep professional embarrassment of having been taken by a Nigerian prince, and the negative publicity which may follow, looms the specter of having violated Colo. RPC 1.1, which requires that a lawyer be and stay technologically competent. Specifically, Comment [8] makes clear that Rule 1.1 includes within its mandate a duty “[t]o . . . keep abreast of changes in . . . changes in communications and other relevant technologies.”  Falling for con that is at least 11 years old is not “keeping abreast.”

The “generous fee” the lawyer is invited to retain by the con artist usually surpasses a reasonable fee by any measure of computation, and thus may be deemed an “unreasonable fee” for the services provided in violation of Colo. RPC 1.5(a), though in truth, of course, it is no fee at all.  That raises an interesting metaphysical question: is Rule 1.5 violated by attempting to collect an unreasonable fee when the fee is illusory from the outset?

Remitting real dollars from one’s trust account in exchange for the trickster’s ersatz retainer also violates Colo. RPC 1.15A, which requires a lawyer to safeguard client property.  If take from the scam is large enough to overdraw the lawyer’s trust account once the amount of the phony wire or check is reversed by the lawyer’s bank, the Office of Attorney Regulation Counsel will be contacted, and the chagrined lawyer will hear from OARC swiftly thenafter.  Cyber-fraud insurance may provide coverage, but may not, or at least not without a fight.  Such policies are tightly worded, and may be conditioned upon recurring firm-wide cyber-security training, as Dentons Canada discovered when it was duped out of $2.5 million in a far more sophisticated e-mail scam in 2017.

There is one further, interesting ethics angle to bear in mind should you be tempted to have some fun with a con artist like “Alejandro” – a recognized sport known as “scam baiting,” a form of Internet vigilantism in which the would-be victim turns the tables on the scammer, or at least wastes his time and holds him up to public ridicule.  As documented by, an website entirely devoted to this diversion, scam baiting can be great fun.  There’s even a wildly popular Ted Talk devoted to the subject.  The problem is that lawyers are not allowed play – at least not directly.

Colo. RPC 8.4(c) prohibits attorneys from engaging in “conduct involving dishonesty, fraud, deceit or misrepresentation,” which scam baiting requires.  While I may ethically ask Alejandro if he wouldn’t mind being interviewed for his perspective on the life of a lawyer-scammer, Rule 8.4(c) forbids me from playing by Alejandro’s rules.

I may, however, “direct” another to do so, provided it is in connection with a “lawful investigative activity.”  This is permitted because Rule 8.4(c) was amended in 2017 to allow a lawyer to “advise, direct, or supervise others, including clients, law enforcement officers, or investigators, who participate in lawful investigative activities.”  See Colo. Bar Ass’n Ethics Opinion 137, Advising, Directing, and Supervising Others in Lawful Investigative Activities That Involve Dishonesty, Fraud, Deceit, or Misrepresentation (May 2019).

I wonder how long Alejandro will work the Jorhe Technologies Group scam, and how long it will take Icalia Labs to discover that someone has pirated its website’s code.  It can be lonely in the COVID bunker.  The combination of lawyers working remotely, and business’ worldwide pulling in their legal budgets, may create a dangerous alchemy in which attorneys worried about their next billable hour will fall prey to the “dear counselor” scam, old as it is – a danger greatly reduced when one works in an office with colleagues who can yank a would-be lawyer-victim back from the precipice when he excitedly announces “I just got this great new client through an e-mail!”

The novel coronavirus is enough to cope with without Alejandro.  Legal ethics and lawyer scammers do not take COVID-19 holidays.  Working remotely still requires that conflicts be checked and cleared, and that common sense and alertness not be checked at the COVID bunker door.  Be careful out there everyone.