“Spear-phishing” has recently become a growing concern for law firms. Zack Needles reports that both a small law firm in suburban Philadelphia and the largest firm in the world suffered attacks, and that even multimillion-dollar cybersecurity technology could do nothing.
What is Spear-Phishing?
Spear-phishing is the fraudulent practice of sending emails that appear to come from a trusted sender to targeted individuals in order to get them to reveal confidential information. In the age of digital crime, many law firms are trying to protect their clients’ data. Today, everything from intellectual property to business secrets to confidential information has become a target for attackers. These threats are a challenge for law firms, which must keep client information accessible and confidential at the same time.
Spear-Phishing Becomes More Sophisticated
In the past, hackers would impersonate loved ones or co-workers, pretend to be stuck in some foreign place, and ask for large sums of money. Today, the emails appear to come from partners and clients and use convincing information to get the recipient to disclose data or make large wire transfers. In most cases, the attackers monitor information beforehand, so they can come up with convincing details that draw individuals into fraudulent transactions.
The chief privacy officer of the attacked firm says, “What that means is that [the hackers] are in the middle of the conversation. They’re watching it. Sometimes you get an email that looks like it’s from a similar place as someone you know, and sometimes they’ve gotten that person’s credentials, and they’re actually sending emails from a valid email address.”
One example of such a fraudulent transaction involved a three-lawyer real estate and corporate transactional law firm that fell victim to a hacker who presented himself as a partner of the firm and emailed about a loan transaction. The hacker was very knowledgeable about the relationship and the state of affairs. Eventually, Bank of America made the transfer, only for the firm to find out that the partner did not know about the $580,000 request. The firm sued Bank of America for not stopping the transaction when it was notified of the breach, but the court dismissed the action, saying the bank did not breach any agreement.
Cyber Attackers: Summary
You may think that the greatest threat comes from individuals. But according to Warwick Ashford, “Nearly two-thirds of organizations are potential targets for nation-state cyber-attacks.” In fact, hackers sponsored by nation-states have the most resources and are the most dangerous. They break into defense contractors, newspapers, and companies.
The second group of attackers is made up of non-state organizations. Their traditional methods include malware and viruses.
Individuals in fact make up the smallest group; they are typically less sophisticated and less strongly motivated.