Phishing attacks have grown exponentially over the past five years.
Lured in by the low risk and high reward, many cyber criminals are actively using and developing this method of cyber crime to steal sensitive data.
Despite the seemingly low-level use of technology involved in these scams, the detail and research that cyber criminals put into their impersonation ruse can be highly convincing. Although law firms are becoming more adept at spotting malicious emails, fraudsters attention to detail is also growing in sophistication, making it increasingly difficult to spot the cyber criminals.
For over three months phishing scammers have been successfully exploiting the TV licensing authority to steal sensitive data from their customers.
Although the phishing attempts started in October 2018, over 5,000 complaints have been made to Action Fraud, complaining about the persistent and continual emails or the fact that the user has provided sensitive information to the scammer. The initial email looks and sounds convincing which is prompting the user to click the link. However, once the scammer’s TV Licensing site has been accessed, the authentic look and use of official language is also convincing the user to share their personal and financial information.
A recent press release from TV Licensing, said: “Some customers are receiving scam email messages saying they are due a refund or need to keep up their payments. A link directs customers to a fake version of the official TV Licensing website which asks them to enter personal information and bank details.
“If you receive a similar email message, please delete it. If you have already clicked the link, do not enter or submit any information.
“If you have entered personal information as a result of this fraudulent email you should report the fraud to the Action Fraud Helpline or by calling 0300 123 2040. If you have submitted any bank or card details, please speak to your bank immediately.
“TV Licensing never sends refund information by email and is investigating the source of this fraud.”
Action Fraud, in regard to the phishing attack, said: “They will use headlines such as ‘correct your licensing information,’ ‘billing information updates’ and ‘renew now’ to trick people into clicking on the link within the email.”
“When a victim clicks on the link, they will be led to a convincing looking TV Licensing website. The website is designed to harvest as much personal and financial information as possible from the victim.”
Stephen Cox, chief security architect at SecureAuth, commented: “There is a shared onus here, between the users maintaining a level of vigilance during their online activity, companies engaging in reasonable security to protect their users and sensitive data, and the security industry as a whole to continue to raise the bar in terms of innovation and user experience.”
“Locking down accounts that have been actively or potentially compromised during a phishing attack can leave users feeling frustrated, unable to access their resources, and this can have a measurable impact on the business. Companies must understand the urgent need for stronger identity security practices, allowing them to increase the trust that their users are who they say they are.”
Whilst a law firm or consumer can work to become more savvy and even suspicious over the emails they receive, when the difference between a scam site and legitimate site are so nuanced and minute, it can be easy to fall victim of the scam.
As 2019 develops, it will become imperative that all firms develop a rigorous cyber security policy towards email communication to avoid sensitive data from being stolen and a law firm from being exposed to irreparable reputational damage.
Email modification fraud is now the most common type of cybercrime against solicitors, where cyber criminals intercept and falsify emails between a client and the firm. In order to shield your business from email modification fraud and protect your business from becoming a victim install Lawyer Checker’s OnDMARC’s service. This sophisticated web-based system effectively secures your firm’s email by actively blocking phishing attacks and preventing 3rd parties from impersonating your email domain to any recipient such as your clients and employees.
