The Legal Profession's Catfishing Problem

Scammers frequently impersonate lawyers in fraudulent emails in order to get recipients to take those emails seriously, according to Victoria Hudgins at Legaltech News. Legal threats or directives are more likely to catch someone’s attention than are many other phishing lures, and potential victims are usually more willing to follow instructions if they think they’re talking to a lawyer. Hudgins cites an email from the UK’s Solicitors Regulation Authority (SRA) which highlighted the extent of this problem.

“Email modification is the most common area of cyberfraud we see, accounting for well over half of all cybercrime reports to the SRA,” the SRA said. “We see fraudsters posing both as law firms in order to trick clients into sending money to the wrong place, and also impersonating clients to trick firms.”

Hudgins notes that scammers aren’t the only ones who impersonate lawyers. Earlier this year, a college football coach in Kansas was charged with eight felonies involving blackmail and identity theft after he sent fraudulent cease-and-desist emails to several news organizations. The coach posed as a real attorney at the Cochran Law Firm and used an email address that resembled the firm’s domain name.

Alex Holden, CISO at Hold Security, told Legaltech News that it’s hard to stop someone from impersonating your company or employees, but he said there are steps that law firms can take to mitigate the threat. Organizations should educate clients and employees about what type of information or actions they’ll request, and they should implement processes to ensure that impersonators are detected and stopped before they can cause damage.

Organizations can also teach their employees to identify impersonation and phishing attempts. New-school security awareness training is the best way to help your employees recognize red flags and thwart imposters.

Legaltech News has the story:

Will your users respond to phishing emails?

KnowBe4's new Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!

Here's how it works:

  • Immediately start your test with your choice of three phishing email reply scenarios 
  • Spoof a Sender’s name and email address your users know and trust
  • Phishes for user replies and returns the results to you within minutes
  • Get a PDF emailed to you within 24 hours with the percentage of users that replied
