How Law Firms Can Identify a Phishing Email

Experian has released its sixth annual Data Breach Industry Forecast, which highlights six key areas where companies and individuals should be aware of possible data breaches. It also singled out lawyers as specifically being easy prey to biometric, cloud and phishing cyber attacks.

The recent news of Marriott’s data breach and other headline-grabbing events show how lawyers are counseling their clients through massive data breaches. But the cyber attacks should also remind lawyers and their firms to safeguard their own technology.

Source: Legaltech News

According to The American Bar Association 2017 Security Report:

“Some attorneys and law firms may not be devoting more attention and resources to security because they mistakenly believe it won’t happen to them. The increasing threats to attorneys and law firms and the reports of security breaches should dispel this mistaken viewpoint. Significantly, 22% of respondents overall reported that their firm had experienced a data breach at some time—up from 14% last year. Reports of breaches ranged from a high for firms with 10-49 attorneys (35%, more than one-third) to a low of 10% for solos.”

Before you open that very legitimate-looking email, I just want you to pause a second. If you don’t know already, phishing is a an attack via e-mail, that aims to gather your personal information. Whether it be passwords, account numbers, pins or social security numbers– you do not want that information in the wrong hands. The goal of this email is to look legitimate enough that you don’t see any concern in opening it. Over the years, people have become more savvy in spotting suspicious emails, but as we get smarter, so do hackers.

So let’s say you get an urgent email in your inbox, claiming to be your bank… What do you look for?

Table of Contents

1. Who is the Sender?

You open your inbox and you have an email from your bank with an urgent message. It looks legitimate, but beware of both how you are addressed and the subject of the email. Odds are, your bank knows your name, so if you are addressed generally, maybe take a step back and look at the email before you click on any links that may be harmful. If the subject line claims it’s urgent and sounds like something your bank wouldn’t normally say, it probably is a scam.

2. URL

You click on the link and it brings you to a banking site. This hacker took a lot of time to make this website so authentic, you would have no idea it’s fake. But look again. Do you see “https” before the URL? If you don’t, get out of there and delete that email. If the website is secure it will have a security certification beforehand in your search bar.

3. What are They Asking for?

Take your time. The goal of a hacker phishing to get your information is to fluster you and prompt you to fill out a form requiring sensitive information. The subject line might have inclined you to be worried, but just take a moment. Before you fill out any form, really analyze the situation, if something doesn’t feel right, go with your gut.

4. Grammar

So simple, yet so easy to mess up. Did your bank spell your name wrong, or perhaps use incorrect punctuation? Stop right there! These hackers are computer wizards not English majors, so do not fall for it.

5. Subscription Expiration

Important: Updates and Changes to our Member Roster or Renew Your Membership. The Florida Bar Association warned its membership of just such an email phishing scam targeting Law firms. Be wary of links for payment or to update your information.