Legal Issues to Put on Your Radar in 2025
As we are embarking on a new year, we want to take a moment to highlight two legal issues you should have on your radar.  We are not in the business of being alarmists, but it is important for local governments to recognize they are not immune from the hacks, scams and other changing trends affecting the private sector.  To that end, we wanted to make sure you were keeping in mind two important issues: (1) cyber fraud; and (2) the use of Artificial Intelligence in legal matters.

Cyber Fraud

Most local governments are well aware of the need for vigilant cyber security.  We have all heard of or maybe even unfortunately experienced ransomware attacks where hackers lock down a local government’s system or lock their files and hold them for ransom.  Hopefully, you all have taken, and are continuing to take, steps to protect against these unscrupulous activities.

However, a new trend is here, which has begun to impact local governments – cyber fraud through business email compromise.  Hackers are using various methods to compromise business emails in order to fool businesses, individuals and even local governments into transferring billions of dollars to fraudulent accounts while believing they are dealing with legitimate business partners.  In recent years, known losses to business email compromise have totaled nearly $3 billion per year, which is about 80 times greater than ransomware attacks.  This trend is likely to continue and should be high on your radar.

In a typical business email compromise attack, hackers send emails that appear to come from a trusted source, such as a vendor or a supervisor or manager in the company (or local government), and make what appears to be a legitimate request. The goal is to convince the target to send money or share sensitive information. 

The most common and well-known scam is when a criminal posing as a supervisor or executive asks an employee to buy gift cards for staff or customers.  More recently, however, hackers are able to gain access to a vendor’s email system and send an email to a client or customer from the vendor’s actual email address stating that they have switched bank accounts and future payments should go to the new account.  Trying to be helpful, the client or customer changes the information in their files and sends future payments to the hacker’s account rather than the legitimate business account.  The client or customer doesn’t realize the error until the vendor contacts them about the payment never being made – often weeks later.  This scam has even infiltrated real property purchases, wherein the hackers posing as the title company send fake wire instructions for closing, thereby costing the buyer hundreds of thousands if not millions of dollars.

Unfortunately, local governments are not immune from business email compromise attacks.  As a result, it is important that you share information about such scams with all of your employees, because anyone with an email account is a possible target.  A few other tips to follow to protect yourself from these attacks include:

•  Never switch vendor accounts or send money electronically to a new address without independently confirming that the change is legitimate.  Do not make such confirmations via email as the hackers are often controlling the actual email account of the vendor.  Rather, confirm via telephone call or by an in-person conversation.  It is also important to use a previously known telephone number and not rely on a number given in the email or other communication as hackers will almost always include a number that goes directly to them.

• Don’t switch employee direct deposit accounts without independently verifying the request with the employee in person.  Just like the vendor scam, hackers are utilizing employee email addresses to request a change in their direct deposit accounts, stealing paycheck deposits from unsuspecting employers.  Make sure you verify any such requests directly with your employees.

• Don’t be fooled by voicemails, videos or texts that sound and look legitimate.  The FBI has warned that hackers are now using Artificial Intelligence (AI) to add to the believability of their scams.  Using AI, hackers can take one minute of a person’s recorded voice from online, such as from a YouTube video or from social media, and reconfigure the sound to make the person say almost anything.  Many businesses have been fooled into thinking a suspicious email was legitimate because a voicemail was left confirming the request from the actual voice of the person who was hacked.  Again, it is important to follow up and independently verify any of these types of requests.

• Make sure you have cyber-security insurance and that it provides coverage for these newer types of scams.  Many individuals and entities fail to review their insurance policies to confirm that the policies actually provide the level of needed coverage.  With the ever-changing world of cyber fraud, it is imperative to annually review your cyber-security policy to confirm it is up to date and provides you with the necessary coverage. If you don’t have such a policy, get one in place as soon as possible.

• Follow normal online safety protocols, even with emails from known sources, including carefully examining email addresses, URLs and spelling/tone used in correspondence to ensure it is consistent with past communications from the sender; be careful what you download and what links you follow in an email – never open an attachment from someone you don’t know; and utilize two factor authentication for your own accounts whenever possible.

• Be cognizant of things that seem outside the normal – someone rushing you for payment out of the blue is a tell-tale sign that the communication may not be legitimate.  For example, if your contract with a vendor states that payment will be made within 30 days of invoice, and the vendor is demanding payment within a week of the invoice being sent, which is not ordinary for the vendor to do, there’s a strong chance you might not be dealing with your actual vendor. 

 If you suspect that you are a target of a business email compromise cyber scam or actually become a victim of one, you should report the incident to the FBI’s Internet Crime Complaint Center, your local police department, and to your financial institutions as soon as possible.  You should also reach out to your insurance carrier for assistance under your cyber-security policy and contact our office for further assistance.

Artificial Intelligence

With the explosion of AI, we can receive answers to any number of questions more quickly than ever before.   The hope is that AI will make our work lives more efficient and well informed.  However, local governments need to remain cognizant that AI is not perfect and errors, often referred to as “hallucinations,” are quite common, especially when AI is utilized to analyze legal matters. 

Asking AI for legal advice is a tantalizing option to save time and money.  However, it has been discovered that AI often creates inaccurate or even entirely fictitious legal authorities when providing answers to legal questions.  In one example, a Missouri business owner decided to utilize AI rather than an attorney to file a court brief on his behalf.  In the arguments created by AI, only two out of twenty-four citations were legitimate – the other twenty-two were fake!  Not only did the business owner lose his case, but he was also fined an additional $10,000 by the court for submitting the false citations.

Other examples include members of the public utilizing AI to make arguments to local governments based on completely fictitious legal authorities.  One BEH client recently had a member of the public utilize AI to make arguments related to their public records request based on completely made-up case law.  If the client had not reached out to BEH and just relied on the arguments created by AI, they may have misapplied the public records law.

This is not to say that AI does not have its place in providing assistance to local governments, even in legal matters.  However, it is important to recognize that AI is far from perfect, and in fact, is often misleading.  To that end, it is critical to verify information provided by AI for any issue, but especially when it comes to legal matters.  Failing to do so could end up with you waiving your legal rights, or worse yet, being fined by a court or other authorities for failing to comply with the law due to a faulty reliance on AI.