Blog

In the press: Should law firms be worried about scam emails?

/ Security
November 7th, 2015

should law firms worry about scam emails

The rise in targeted email attacks to businesses worldwide continues to dominate the news headlines. Attacks like these are dangerous by their very nature. Not only are they increasing in frequency, but they are also becoming smarter by the day.

At the moment, we’re seeing a rise in activity related to of the Business Email Compromise (BEC) scam. This is where a cybercriminal tricks an employee into believing that they need to make a bank transfer to a known external entity but ends up sending these funds to a criminal instead.

Targeted spoofing is one of the biggest risks that firms currently face. This is not the age-old problem of SPAM emails, but something much more threatening. SPAM email involves a single email, branded as a well-known company such as a bank, sent to millions of addresses.

This ‘hit and hope’ exercise depends on a number of factors in order to be successful. The recipient must actually be a customer with that bank; the SPAM or anti-virus systems must fail to identify the email as a risk, and the recipient doesn’t recognise it as a dangerous email. As a result, the sender may not even get one bite from sending out hundreds of thousands of these emails.

Targeted email attacks are much more sophisticated – and now involve much more than just email; they merge emails, calls and sometimes physical visits to a target firm’s office– this is truly hacking for the masses. A number of hacking tools are now available for anyone to download, along with all the information they need to manipulate employees into performing actions or divulging confidential information – a key hacking term known as ‘social engineering’.

The truth is that the security systems that are needed to protect the majority of firms from the majority of hacks are probably already in place.

What does this mean for the legal sector?

Read the article in full in Lawyer Issue