In this short blog series, Lawyer Checker’s Jennifer Williams outlines how cyber crime and fraud affects the legal industry; the different types of cyber crimes and how law firms can protect themselves.
There are various terms for cyber attacks being used, some which may be familiar, but some may not.
Phishing
This is the most common, and most effective form of infiltration. Phishing is when a fraudster sends an email which contains specific instructions, directing the recipient to take an action that will expose their systems.
This might be to send money to a nominated account, open an attachment which contains a virus, click on a link which enables the fraudster access to your computer. These types of emails are increasingly convincing, appearing to be from suppliers that encourage you to review your latest invoice or remittance, or sales emails asking you to click a link.
The emails may appear to come from well-known brands, such as your bank or retailers. But if you inspect the email address it has been sent from, the first part and domain will almost certainly arouse suspicion. If it’s a busy day at the office, sometimes these errors are not always picked up as the domain could have been changed by a single letter which can be easily missed.
Vishing
Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information.
Smshing
The is the same as phishing but with SMS messages instead.
Authorised Push Payment Fraud
With over 35,000 people losing £145m to it in the first half of 2018, it is the fastest growing type of fraud in the UK.
Authorised Push Payment Fraud can happen to anyone as the perpetrator cons you into sending them money from your account. The method used is usually via phone, email or social media where they impersonate someone else such as your bank, a contractor, an estate agent or the police.
Spear Phishing/Whaling
The is the same concept except spear phishing involves some social engineering and monitoring of the firm to identify key contacts. The phishing email may identify itself as being from someone in the business, often a senior member of staff, but on closer inspection the actual email addresses are completely different to correct official ones.
Email Cloning
This is exactly what it says on the tin. It is possible to clone an email address and send emails impersonating the individual hacked. It sounds like something from the movies, but email cloning is astonishingly simple as all it takes is some IT skills and a 3-minute YouTube video.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Lawyer Checker (Part of The Practical Vision Network) provide a range of products and services for law firms to help them combat cyber fraud.
Furthermore, we host leading publications such as Today's Conveyancer and Today’s Wills and Probate, Today’s Legal Cyber Risk along with our newest publication Today's Family Lawyer – which are all respected as a source of reliable advice and information in their markets.
