Phishers are hooking lawyers and their staff in record numbers. "Phishing" scams work by deluging the internet with fraudulent emails falsely appearing to contain important links or attachments from legitimate sources.
Spear-phishing attacks are tailored to specific professions or individuals. In targeting the legal profession, they can appear to be from a court, a vendor, or even someone inside the firm.
Law firms, even small ones, present attractive targets because they deal with highly sensitive secrets and financial information. The consequences of destroying or exposing this information - or both - provide strong motivation for firms to quietly pay ransoms to get their files back or extortion money in an effort to prevent public exposure.
Cai Thomas,cyber security consultant at Tessian, explains that criminals can broadcast introductory emails that appear legitimate and have no attachments or malicious links. Criminals know that the recipients who reply to these innocent-looking emails are more likely to fall for more targeted attacks. They then can look up the names of, for example, managing partners to fashion much more convincing, fraudulent emails.
The cyber thieves mine law firm websites and LinkedIn to identify targets and craft convincing emails. After identifying firms whose people are more responsive to seemingly authentic messages, they will pose as important people within law firms, requesting transfers of money or attaching an infected file "for urgent review."
According to Osterman Research phishing is the most common cyber attack affecting the legal profession, with attempts hitting 80% of law firms in a recent year.
Spear-phishing attacks are tailored to specific professions or individuals. In targeting the legal profession, they can appear to be from a court, a vendor, or even someone inside the firm.
Cai Thomas,cyber security consultant at Tessian, explains that criminals can broadcast introductory emails that appear legitimate and have no attachments or malicious links. Criminals know that the recipients who reply to these innocent-looking emails are more likely to fall for more targeted attacks. They then can look up the names of, for example, managing partners to fashion much more convincing, fraudulent emails.
The cyber thieves mine law firm websites and LinkedIn to identify targets and craft convincing emails. After identifying firms whose people are more responsive to seemingly authentic messages, they will pose as important people within law firms, requesting transfers of money or attaching an infected file "for urgent review."
According to Osterman Research phishing is the most common cyber attack affecting the legal profession, with attempts hitting 80% of law firms in a recent year.