Law firms are being warned that they are the target of “spear phishing” e-mails. The FBI sent out an advisory last week which
said that it believed hackers were targeting U.S. law firms and public relations firms.
The hackers are spear phishing – sending unwanted e-mails that appear to be from someone the recipient knows. Traditional phishing e-mails are usually easily identified because they are from names you don’t recognize, or even random characters strung together.
By doing this, it’s more likely for someone to open the message and then click on the links attached. Of course, we know it’s the links that are the dangerous part of phishing scams and the FBI says clicking on the link or opening the attachment will launch a self-executing file. That file, “through a variety of malicious processes,” will attempt to download another file, according to the advisory. The attachments aren’t always .exe files, which are typically some kind of software or program, but may appear to be zip files or photos.
The FBI doesn’t say what info the hackers are looking for or how badly a firm’s computer system and information could be compromised. In fact, there’s apparently no reliable way to know whether the incoming message is a scam.
The lesson for firms: if you are unsure of the e-mail, better safe than sorry in clicking on any links or opening attachments. Perhaps a phone call to the alleged sender would also help clear up any confusion.
Also, how much is too much information put on computer networks? With the push to reduce paperwork, information that was once housed in the firm is now potentially available to anyone with the means of hacking into the system. Law firms contain a mountain of personal information – both on employees and clients. Breaking into a firm’s data system could be a hacker’s dream.
Any firms here in Indiana receive these spear phishing e-mails? How often do you receive scam e-mails and how can you tell if they are real?
The hackers are spear phishing – sending unwanted e-mails that appear to be from someone the recipient knows. Traditional phishing e-mails are usually easily identified because they are from names you don’t recognize, or even random characters strung together.
By doing this, it’s more likely for someone to open the message and then click on the links attached. Of course, we know it’s the links that are the dangerous part of phishing scams and the FBI says clicking on the link or opening the attachment will launch a self-executing file. That file, “through a variety of malicious processes,” will attempt to download another file, according to the advisory. The attachments aren’t always .exe files, which are typically some kind of software or program, but may appear to be zip files or photos.
The FBI doesn’t say what info the hackers are looking for or how badly a firm’s computer system and information could be compromised. In fact, there’s apparently no reliable way to know whether the incoming message is a scam.
The lesson for firms: if you are unsure of the e-mail, better safe than sorry in clicking on any links or opening attachments. Perhaps a phone call to the alleged sender would also help clear up any confusion.
Also, how much is too much information put on computer networks? With the push to reduce paperwork, information that was once housed in the firm is now potentially available to anyone with the means of hacking into the system. Law firms contain a mountain of personal information – both on employees and clients. Breaking into a firm’s data system could be a hacker’s dream.
Any firms here in Indiana receive these spear phishing e-mails? How often do you receive scam e-mails and how can you tell if they are real?
Back to Top
Conversations
0 Comments
Add Comment