Phishing Scams Lawyers Face and How to Protect Against Them
Scams abound in today's digital environment, but phishing remains one of the most devastating.
The 2019 State of the Phish Report revealed that 83 percent of organizations suffered phishing attacks in 2018. This represents a notable increase from the 76 percent of respondents who endured such attacks the previous year. These attacks took several forms, with many prompting significant losses.
Attorneys and law firms, in particular, suffer in the aftermath of such attacks, as your business model is built, above all else, on trust. The very trust clients place in their attorneys can prove a real liability when they are targeted by clever scam artists.
Thankfully, despite the prevalence of phishing attacks, attorneys are far from powerless. By incorporating just a few additional security measures, you can stave off a variety of attacks. Strong security begins with knowledge, so we've highlighted a few of the most common scams targeting lawyers—and options for protecting against them—below.
Known-Entity Phishing Attacks
Phishing typically involves attackers posing as legitimate individuals or entities in hopes of securing access to sensitive data. Traditionally, attackers have posed as IRS agents or bank employees, but their schemes can take many forms—including some specifically designed to place attorneys in harm's way.
For example, a Texas attorney recently reported that she was contacted by a scammer falsely claiming to represent the Texas State Bar. She recognized the contact as fraudulent and promptly reported the incident.
In a similar 2016 attack, then New York Attorney General Eric T. Schneiderman issued a press release revealing that several attorneys appeared to receive emails from his office. These fraudulent messages alleged that the targets needed to respond to official complaints. The emails contained hyperlinks to said complaints, which looked like inconspicuous PDF documents but actually included malware.
Beyond taking on the purported role of bar association or government agency, scammers may also pose as law firms’ vendors or suppliers, sending them fraudulent invoices or data telling them they need to change their payment options in an effort to receive credit card and financial information.
These known-entity phishing attacks can best be avoided by gaining a better understanding of how these organizations actually get in touch with attorneys, as well as which emails or phone numbers they're most likely to use. Do not offer up personal or financial information if solicited via email, especially when contacted about deals that seem too good to be true. Additionally, email titles or content may seem odd. For example, in the aforementioned New York Attorney General case, phishing emails appeared to come from The Office of The State Attorney Complaint, which doesn’t actually exist.
The digital intake process can provide exciting opportunities to onboard leads. If not properly secured, however, this approach can present numerous risks. Fake client phishing scams are especially dangerous, as incongruities that would typically cause alarm among discerning attorneys may not immediately stand out when new clients are seemingly involved.
Scammers often pose as prospective clients seeking urgent legal assistance. Lawyers may be asked to provide contact information or even to complete wire transfers. While these schemes are sometimes easy to spot, scammers have recently grown far more sophisticated, sometimes even stealing the identities of actual professionals in hopes of throwing their victims off the scent.
Lead intake procedures can play a huge role in weeding out potential scam artists. Ideally, intake will occur over a secure platform, rather than relying on unsolicited personal emails. Attorneys should review submitted information thoroughly to ensure the legitimacy of prospective clients.
Beyond the preventative measures highlighted above, law firms can benefit from implementing two-factor authentication and strong password security policies. Continuous backup can ensure that, in the event of a breach, client data remains safe and accessible only to authorized parties.
Vigilance is critical in today's risk-filled digital sphere. Attorneys are by no means invulnerable to the threats internet users face. With an increased understanding of common phishing attacks and protective measures used to prevent them, though, lawyers can avoid today's most devastating scams.