Phishing email attacks are on the rise, and criminals are spending more time doing personal research on the victims.
As a result, their social engineering attacks – mainly wire transfer scams, business email compromise, and spoofing of high-profile accounts – are getting harder to detect.
The latest Microsoft Security Intelligence Report illustrates the extent of the problem. Microsoft investigators analyzed millions of emails worldwide. What they found was that the number of phishing scams rose from .14 percent of all emails in January 2018 to .85 percent in July 2019.
“Even while technology is getting better at detecting phishing, it continues to be a threat due to the human nature of it,” says the Microsoft Report. “Attackers will continue to use and advance their social engineering techniques because of the success they’ve had with them. We see attackers using domain name spoofing – to impersonate emails to look like they’re coming from known brands or colleagues, and catchy subject lines as successful methods to get users to click on emails.”
One way to protect your practice against cyber events is by being insured with Lawyers Mutual. When we learn about new scams and emerging threats, we send out alerts to our insureds. It’s one way we help keep you safe and successful. Learn more about Lawyers Mutual here.
Microsoft Security Intelligence Report
How to protect yourself against cyber attackers that are getting more sophisticated by the day?
The best way is to erect multiple lines of defense, says Microsoft. These include anti-virus applications, firewalls, software patches and updates, user training, and multi-factor authentication (MFA). From the Report:
“Spear phishing emails do a great job of effectively impersonating a credible source; however, there are often small details that can give them away. Help users identify phish using training tools that simulate a real phish. Here are a few tells that are found in some phish that you can incorporate into your training:
- An incorrect email address or one that resembles what you expect but is slightly off.
- A sense of urgency coupled with a request to break company policy. For example, fast tracking payments without the usual checks and procedures.
- Emotive language to evoke sympathy or fear. For example, the impersonated CEO might say you’re letting them down if you do not make the urgent payment.
- Inconsistent wording or terminology. Does the business lingo align with company conventions? Does the source typically use those words?”
4 Steps to Frontline Protection
What can you do in your law firm? Start with education, training and consistent communication. Here are four steps recommended by ABC News tech writer Joyce Rosenberg:
- Be wary of any link or attachment. “Unless it’s absolutely clear from the context of an email that the link or attachment is OK — for example, a staffer writes, ‘here’s the link to the website we discussed at our meeting this morning’ — assume that clicking could get you in trouble. Be particularly suspicious of emails about package shipments, invoices or that ask for personal information, logins and passwords. An unexpected email from the IRS is a scam; the agency does not initiate contact with a taxpayer via email, phone calls, texts or social media.”
- Check the email address. “Even if the email comes from someone you know, double-check the address. Cybercriminals can take an email and make subtle changes — for example, replacing a ‘m’ with an ‘r’ and an ‘n’ that you might not notice unless you look closely at it.”
- Confirm with the sender. “If you get an unexpected email with a document or a link, check with the sender. Don’t click on ‘reply’ or copy the email address. Call or send a separate email, using an address you know is correct.
- Consider restricting staffers’ use of personal email browsers on work PCs. “If staffers can’t read their own email, it can reduce a company’s vulnerability.”
Want to stay on top of news you need to know? Partner with Lawyers Mutual. We have risk management resources, claims assistance and unparalleled personal service. Learn more about what Lawyers Mutual can do for you.
Jay Reeves practiced law in North Carolina and South Carolina. Today he helps lawyers and firms succeed through marketing, work-life balance and reclaiming passion for what they do. He is available for consultations, retreats and presentations (www.yourlawlife.com). Contact firstname.lastname@example.org or 919-619-2441 to learn how Jay can help your practice.