Advanced phishing

How (and why) are law firms targeted by phishing attacks?

by Egress
Published on 2nd Jul 2021


Legal professionals have a unique obligation to mitigate various risks, whether crafting infallible arguments for trial or negotiating complicated contracts. But in recent years, as the volume of sensitive data being managed by the average law firm has skyrocketed, the previously unfamiliar risk of cybercrime has presented a serious challenge to otherwise incredibly capable legal teams.

In truth, law firms have always made great targets for hackers. Their work is associated with high levels of confidentiality and often involves the management and protection of vulnerable information. But this is particularly the case in today’s technological climate, as decades of advancement, as well as the remote work arrangements forced upon firms by the 2020 pandemic, have greatly accelerated digital transformations in the legal space.

A rising epidemic of phishing

With more data being housed and managed in different virtual locations, the possibility of that data being exploited has significantly increased. Although cybercriminals deploy various methods to execute data breaches, these methods overwhelmingly involve the manipulation of email platforms and typically fall under the broader category of phishing scams.

Phishing simply refers to a hacker’s attempt to coax valuable information from a target, whether through impersonation or the activation of malware through malicious website links. Two of the most common phishing tactics levied against law firms today include ransomware, in which hackers demand payment by threatening to release sensitive data, and email fraud, in which clients or third-parties are impersonated in an attempt to trick legal professionals into transferring funds to hacker organizations.

Both methods remain favored by cybercriminals, and currently upwards of 86% of cyberattacks begin with one email phishing scam or another.

Ransomware: A serious and growing threat

Ransomware has become a full-blown trend among cybercriminals, whose increasingly high-profile attacks have frequently featured in headlines over the past year. The software behind these attacks is particularly disruptive to their targets, as it can lock access to entire networks and systems, in addition to holding the sensitive contents of those systems for ransom.

A ransomware attack can represent something of a perfect storm for cybersecurity teams, and it’s so prevalent today that Cyber Ventures predicts a business will be infiltrated by ransomware software every 11 seconds by next year.

In 2019, a Providence law firm had its system shut down and held for ransom for $25,000, after which the attackers failed to return access to the firm's data. Additionally, ransomware has been used to attack online court systems directly, and hackers have successfully disrupted online court services in both Georgia and Philadelphia, negatively affecting pending cases and document filing systems for weeks.

Email fraud – a familiar but dangerous problem

Law firms are uniquely susceptible to email fraud attacks, as the strong personal relationships they build with clients can be exploited through carefully planned impersonation campaigns. Unfortunately, numerous firms and legal teams have been successfully defrauded by cybercriminals over the years, and the repercussions tend to be significant.

In one particularly costly case, a New York law firm was sued for malpractice by a client after Chinese hackers impersonated an attorney and initiated a fraudulent $2 million wire transfer. By gaining access to the attorney’s AOL email account, the hackers were able to study previous interactions and communicate with the client without raising any red flags.

If law firms aren’t constantly anticipating and preparing to address cybersecurity threats, it’s only a matter of time before hackers identify them as the next easy target. Whether it’s the delivery of a phony invoice or a more drawn-out manipulation campaign, legal teams that lack protective software as well as adequate training to recognize suspicious activity will only become more vulnerable as tactics evolve.

Egress Defend: Protecting law firms with intelligent tech

Egress Defend uses the latest in machine learning and natural language processing (NLP) technology to detect the most convincing, and therefore damaging, inbound phishing attacks. This includes advanced threats such as business email compromise (BEC) and brand forgery, CEO fraud and impersonation attempts, and spear phishing.

Defend is the only solution globally to operate on a zero-trust model, analyzing the context and content of every inbound email before it’s delivered to an employee’s inbox. Going beyond the analysis provided by SEGs and social graphing, Defend can determine every sender’s authenticity, detecting when cybercriminals are using compromised accounts on authenticated domains or have used open-source intelligence to make their attacks more convincing.

Using a traffic-light warning system and insight summaries, the solution alerts users to both of the most dangerous types of phishing: hyperlinks weaponized with ransomware, and ‘payload-less’ attacks; those that don’t contain a malicious attachment or link, but instead build trust with the recipient over time to request an action be carried out, such a payment transfer.

Want to learn more?

Interested in how the Egress platform can offer your law firm the depth of protection it needs? Find out more here, or arrange a no-strings attached product demo today.