'Phishy' emails

'Phishy' emails

Training staff to spot suspicious emails can combat Friday afternoon fraud, says Vanessa Crawley

Cybercrime has dominated the headlines recently with the WannaCry ransomware causing global healthcare, telecommunications, and banking services, among other businesses, to grind to a halt. With security experts still picking through the fallout, law firms and others will be on high alert for follow-up attacks. ‘Friday afternoon fraud’, or phishing, is one such intrusion which is becoming much more commonplace and sophisticated.

While the advancement of technology has created many opportunities and boosted the economic climate, it has also opened up serious risks to businesses, including cybercrime. Phishing has caught many businesses out and cost them money. Law firms are by no means immune to this threat.

Phishing is a term used to describe the process whereby fraudsters contact victims (e.g. a staff member) often by email, pretending to be a trusted source and inviting users to disclose sensitive information; installing malicious software on users’ computers; or stealing personal information from their computers.

Phishing scams can be well thought out by fraudsters and some target law firms (and other businesses, including banks) and tend to attack in two stages. Stage one involves receiving an innocuous email, possibly even from a contact, which, once opened, downloads malware to the user’s computer which can spy on the computer’s activity. Stage two then sees the user receive an internal email which looks very genuine and convincing asking for a money transfer or authorising the transfer of money.

Phishing criminals are becoming more sophisticated, which means such scams are harder to detect and are happening more regularly. To tackle this risk it is essential that law firms and businesses become vigilant and implement training for all members of staff – not just for the accounts team – to spot suspicious emails and make appropriate checks to determine whether they are genuine.

It is easy to check whether emails are genuine – a phone call to the sender should verify whether they sent the communication. Phishing emails tend to be written badly and should raise eyebrows if the email has ‘supposedly’ come from a professional company. Also, if you regularly correspond with a third party or an internal staff member (who the phishing criminal is claiming to be), you will have an idea of the tone and language of their emails. If you receive something that does not ‘sound’ like them, you should contact them to verify.

All communications that require a money transfer should be verified. For example, speak with internal staff members to confirm whether such a transfer is required, and if so, search the name of the company on the internet for their correct contact details and ask them to confirm their bank details. Having a good software system in place may also assist you in the verification process and block any phishing emails.

Taking small measures like these can also help law firms stay compliant with data protection and privacy laws. Every business has a duty to keep personal data and information secure, therefore robust systems and thorough training should be implemented to avoid becoming a victim of cybercrime.

Vanessa Crawley is a corporate solicitor at SA Law

@SA_Law salaw.com

AdvertisementAdvertisementAdvertisementAdvertisementAdvertisementAdvertisement
Latest News

The Chancery Lane Project expands to the USA

Thu Sep 21 2023

Delay in Final Report of the Infected Blood Inquiry

Thu Sep 21 2023

Attorney General presents UK intervention in Ukraine case against Russia at International Court of Justice

Thu Sep 21 2023

Firms losing potential clients by failing to return their calls, research shows

Thu Sep 21 2023

Powers of attorney modernised as legislation allows CILEX Lawyers to certify LPA copies for the first time

Thu Sep 21 2023

Stark contrast between Government response to Post Office Horizon victims and Infected Blood

Wed Sep 20 2023

ACSO comments on the Justice select Committee report:

Wed Sep 20 2023

Campaigners win permission to appeal against Sizewell C Nuclear Power Station ruling

Tue Sep 19 2023

Pre-inquest review into the deaths of Reading murder victims, James Furlong, Dr David Wails and Joseph Ritchie-Bennett

Mon Sep 18 2023
FeaturedAudit reform: if not now, when?
Audit reform: if not now, when?
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
The battle for talent – promoting diversity
The battle for talent – promoting diversity
BSB publishes new guidance on barristers’ conduct in non-professional life and on social mediaSJ interview: Adrian Chopin
SJ interview: Adrian Chopin
Whose human rights are more important, yours or mine?
Whose human rights are more important, yours or mine?