As a common target of fraudsters, lawyers and law firms must be vigilant about the dangers associated with email spoofing and phishing schemes, where fraudsters will send fabricated emails purporting to be from a trusted colleague or third party in an effort to trick a lawyer or staff member into clicking on a dangerous link or downloading a dangerous attachment. These fraudulent schemes continue to evolve as lawyers and firms become aware of various red flags and danger signs.
The following is a summary of a spear phishing attempt directed at an Ontario law firm, and six tips on how lawyers can protect themselves from such online fraudsters.
A true story of one firm’s close call during an attempted fraud
It began with multiple members of the firm—staff and lawyers—receiving an email, ostensibly from the firm’s receptionist. The address of the sender, as displayed in the “From” line of the email, was an exact duplication of the receptionist’s work address—it contained no misspellings or other obvious signs of being a spoof. The body of the email simply said “please see attached invoice,” and contained an attachment labeled “invoice.”
Please log in to read the full article.