

Why Law Firms are Falling for Phishing Attacks

Cai Thomas • Wednesday, March 17th 2021

Tessian Cloud Email Security intelligently prevents advanced email threats and protects against data loss, to strengthen email security and build smarter security cultures in modern enterprises.

According to the FBI, phishing was the most common type of cybercrime in 2020, and phishing incidents nearly doubled in frequency, from 114,702 incidents in 2019 to 241,324 incidents in 2020.

And, while businesses across industries are vulnerable, law firms are especially lucrative targets. They handle an incredible amount of sensitive information, from medical and financial data to merger and acquisition (M&A) data.

Spear phishing is a problem law firms have to tackle to avoid the devastating consequences of successful attacks, such as a damaged reputation, lost client trust, and regulatory penalties. But, worryingly, the Solicitors Regulation Authority (SRA) has stated that it is unrealistic to expect staff to identify all phishing emails.

So what can you do? We break down four tactics employed by hackers, and offer tips on how to protect your firm.

1. Hackers are leveraging publicly available information

Spear phishing attacks are sophisticated impersonation attempts. Of course, the more believable the impersonation, the more successful the attack.

To avoid raising any red flags and boost their chances of success, hackers do their homework by gathering publicly available information about a firm, its employees, and counterparties. LinkedIn, out-of-office (OOO) messages, and even a firm’s own website make it easy, especially given that any lawyer regulated by the SRA must legally ensure their contact details are publicly available online.

With this information at their fingertips, criminals are quickly able to understand the most effective strings to pull. Falling for the deception, some firms have unknowingly transferred anything between £5,000 and £1m to cybercriminals. By the time these law firms realized they’d been successfully attacked, it was too late.

Learn more about how hackers leverage social media for business email compromise (BEC) in our latest research report: How to Hack a Human.

What can you do?

Make sure employees understand how the information they share can be used against them, and implement strict approval processes for wire transfers.

2. Hackers choose their targets carefully

While every attack is different, there are some specific departments and individuals that are targeted more frequently than others.

Let’s start with new joiners. They’re fresh into the firm, may not be familiar with internal structure or policies, and are keen to prove themselves. But this could be their – and your firm’s – downfall. One firm, for example, experienced an unfortunate incident whereby a new Finance Manager – just two months into the job – was fooled into transferring £60,000 to an impersonated supplier.

But it’s not just new joiners that you need to be wary of. Leavers, too, pose a threat. A quick update on LinkedIn tells opportunist criminals that a person is switching firms. All they have to do is create a freemail account, impersonate the leaver, and request credentials/documents or request to change their bank details.

What can you do?

For new starters, make security awareness training a priority and include it as a part of onboarding. For leavers, create foolproof off-boarding processes and systems to verify the identity of freemail contacts.

3. Hackers will build rapport

Oftentimes, bad actors will start emails with trivial subjects such as ‘How was your weekend?’ or ‘Do you have five minutes?’ in order to test a firm’s security. These introductory emails have no URL, attachment, or payload included; they sail through a firm’s legacy defenses and SEGs, and don’t immediately appear suspicious to the target. In one particular incident, an email was sent to a law firm, supposedly from the ‘Managing Partner’, asking recipients to meet him at the local shop – you’d be surprised how many lawyers actually waited outside a nearby shop!

The reason for this technique? It allows them to identify weak spots and deliver the real attack email a few weeks later. Alternatively, if criminals find that they don’t get a bite from the initial bait email, they will likely move on.

What can you do?

Show employees a range of spear phishing examples and explain what social engineering is (and why it’s so effective).

4. Hackers will impersonate a person in a position of authority

In a number of cases, lawyers have been fooled by emails supposedly from the High or Supreme Court. These emails will include a malicious link to a ‘new legal case’. We see similar tactics used in consumer attacks. For example, hackers will impersonate a tax authority or law enforcement agency.

This tactic is especially effective because these government organizations are trusted, reputable, and may even elicit fear. Targets will inherently want to comply, and fast.

What can you do?

Teach employees to inspect domains and URLs, and to spot those that are illegitimate or malicious. But even that may not be enough…

Protect your people with Human Layer Security

Cybercriminals are using sophisticated impersonation techniques to deceive unwitting victims into transferring finances or handing over credentials. And they’re only becoming more sophisticated. That means that, while training employees to spot phishing attacks and implementing strict policies can help, they’re not enough.

Many organizations rely on rule-based phishing solutions. These will certainly protect your firm from some of the weak-form phishing attacks and impersonation techniques attackers are using, but these legacy tools can’t detect or prevent the strong-form impersonation and social engineering attacks that are becoming more prevalent across the legal sector.

Tessian Defender can, though.

Here’s how:

  1. Tessian’s machine learning algorithms analyze your company’s email data, learn every employee’s normal communication patterns, and map their trusted email relationships — both inside and outside your organization.
  2. Tessian inspects inbound emails for any suspicious or unusual content both in the body of the email and the metadata. For example, payloads or anomalous domains, geophysical locations, IP addresses, email clients, or sending patterns.
  3. Tessian alerts employees when an email might be unsafe with easy-to-understand, contextual warnings.
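As an added, constructed illustration (not Tessian’s algorithm and not code from the original post) of the kind of inbound checks described in tactics 2 and 4 and the steps above: an employee’s display name on an outside address, a sender domain that resembles the firm or a supplier, and a freemail or unknown sender asking for credentials or a bank-detail change. The firm domain, freemail list, staff directory and sample messages are all made up.

```python
"""Heuristic impersonation checks for inbound email, mirroring the tactics above.
All directory data and messages are constructed for illustration."""
import difflib
FIRM_DOMAIN = "example-law.test"                      # assumed firm domain
FREEMAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed freemail providers
EMPLOYEES = {"Jane Doe", "Sam Lee"}                   # constructed staff directory
TRUSTED_DOMAINS = {FIRM_DOMAIN, "acme-supplies.test"}  # firm plus known counterparties
SENSITIVE = ("bank details", "wire transfer", "credentials", "password")


def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower()


def lookalike(domain):
    """Return a trusted domain that `domain` closely resembles, else None."""
    for trusted in TRUSTED_DOMAINS:
        if domain != trusted and difflib.SequenceMatcher(None, domain, trusted).ratio() >= 0.85:
            return trusted
    return None


def assess(msg):
    """Return the reasons an inbound message looks like impersonation ([] if none)."""
    reasons = []
    dom = domain_of(msg["from_addr"])
    asks_sensitive = any(k in msg["body"].lower() for k in SENSITIVE)
    # Tactic 4: a known employee's display name on an address outside the firm
    if msg["display_name"] in EMPLOYEES and dom != FIRM_DOMAIN:
        reasons.append("employee display name from an external address")
    # Tactics 1/2: a domain crafted to resemble the firm or a counterparty
    near = lookalike(dom)
    if near:
        reasons.append(f"sender domain {dom} resembles trusted domain {near}")
    # Tactic 2: freemail or unknown sender asking for credentials or bank changes
    if asks_sensitive and dom not in TRUSTED_DOMAINS:
        kind = "freemail" if dom in FREEMAIL else "unrecognised"
        reasons.append(f"{kind} sender requesting a sensitive action")
    return reasons

# Constructed messages: a faked partner, a lookalike supplier, and a benign note.
SAMPLES = [
    {"display_name": "Jane Doe", "from_addr": "jane.doe@gmail.com",
     "body": "Can you send me the credentials for the matter system?"},
    {"display_name": "Accounts", "from_addr": "accounts@acme-supp1ies.test",
     "body": "Please update our bank details before the next payment."},
    {"display_name": "Sam Lee", "from_addr": "sam.lee@example-law.test",
     "body": "How was your weekend?"},
]

if __name__ == "__main__":
    for m in SAMPLES:
        print(m["from_addr"], "->", assess(m) or "no flags")
```

Note that a payload-free rapport email from a genuine internal address (the third sample) produces no flags, which is exactly why the post pairs tooling with awareness training.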

Post adapted from an article that originally appeared in Information Age.
