The Legal Profession's Catfishing Problem

Stu Sjouwerman | Sep 11, 2019

Scammers frequently impersonate lawyers in fraudulent emails in order to get recipients to take those emails seriously, according to Victoria Hudgins at Legaltech News. Legal threats or directives are more likely to catch someone’s attention than are many other phishing lures, and potential victims are usually more willing to follow instructions if they think they’re talking to a lawyer. Hudgins cites an email from the UK’s Solicitors Regulation Authority (SRA) which highlighted the extent of this problem.

“Email modification is the most common area of cyberfraud we see, accounting for well over half of all cybercrime reports to the SRA,” the SRA said. “We see fraudsters posing both as law firms in order to trick clients into sending money to the wrong place, and also impersonating clients to trick firms.”

Hudgins notes that scammers aren’t the only ones who impersonate lawyers. Earlier this year, a college football coach in Kansas was charged with eight felonies involving blackmail and identity theft after he sent fraudulent cease-and-desist emails to several news organizations. The coach posed as a real attorney at the Cochran Law Firm and used an email address that resembled the firm’s domain name.

Alex Holden, CISO at Hold Security, told Legaltech News that it’s hard to stop someone from impersonating your company or employees, but he said there are steps that law firms can take to mitigate the threat. Organizations should educate clients and employees about what type of information or actions they’ll request, and they should implement processes to ensure that impersonators are detected and stopped before they can cause damage.
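One way to put the "detect impersonators" advice into practice is to check whether an inbound sender domain merely resembles a domain your clients trust. The following is an added example, not code from the article or from KnowBe4; the allow-list, the homoglyph map and the sample From: headers are all constructed for illustration.

```python
"""Classify the sender domain of a From: header as trusted, lookalike or unrelated."""
from email.utils import parseaddr

# Constructed allow-list: domains from which clients should expect the firm's mail.
TRUSTED_DOMAINS = {"examplelawfirm.com", "example-legal.co.uk"}

# Partial, constructed map of character swaps that make a domain look like another.
SUBSTITUTIONS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"), ("3", "e"), ("5", "s"))


def normalize(domain: str) -> str:
    """Collapse look-alike characters, hyphens and dots so near-misses compare equal."""
    domain = domain.lower()
    for lookalike, real in SUBSTITUTIONS:
        domain = domain.replace(lookalike, real)
    return domain.replace("-", "").replace(".", "")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one- or two-character typo domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header: str) -> str:
    """Return 'trusted', 'lookalike', 'unrelated' or 'unparseable' for a From: value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    domain = addr.rsplit("@", 1)[1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    norm_domain = normalize(domain)
    for trusted in TRUSTED_DOMAINS:
        # Typo-squat or homoglyph variant of the whole trusted domain.
        if edit_distance(norm_domain, normalize(trusted)) <= 2:
            return "lookalike"
        # Firm name reused under another TLD or padded with extra words
        # (short firm names would need a longer minimum here to avoid false hits).
        if normalize(trusted.split(".")[0]) in norm_domain:
            return "lookalike"
    return "unrelated"
```

A match of "lookalike" is a reason to hold the message for review or warn the recipient, not proof of fraud on its own.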

Organizations can also teach their employees to identify impersonation and phishing attempts. New-school security awareness training is the best way to help your employees recognize red flags and thwart imposters.

Legaltech News has the story: https://www.law.com/legaltechnews/2019/09/09/law-firm-catfishing-is-real-and-its-a-problem/?slreturn=20190810124541

Will your users respond to phishing emails?

KnowBe4's Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

Here's how it works:

  • Immediately start your test with your choice of three phishing email reply scenarios
  • Spoof a sender’s name and email address your users know and trust
  • Phish for user replies and get the results returned to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied

Go Phishing Now!

PS: Don't like to click on redirected buttons? Cut and paste this link into your browser:

https://www.knowbe4.com/phishing-reply-test
