Be extra cautious this holiday season, and your firm can avoid the consequences of serious financial loss.
It’s recently come to our attention that a law firm here in BC has been the victim of a sophisticated social engineering scam. This firm – who shall remain nameless out of respect for their unfortunate circumstances – was the target of a ‘phony direction to pay’ fraud scheme that resulted in the cybercriminals responsible walking away with a six-figure ill-gotten payday.
These types of scams are nothing new, but in the interest of helping your firm avoid a similar fate, we’re going to share what we know about how this particular scam played out.
After hacking into one of the firm’s computers, the cybercriminals monitored their email traffic for an extended period of time. They waited until the lawyer whose computer they’d compromised to head out on vacation, then sent out an email directly from that lawyer’s own account with an urgent request that the lawyer’s assistant transfer funds to a client’s account immediately. In reality, the account information provided was not for a client but belonged to the hackers.
The assistant repeatedly tried to contact the lawyer to confirm the request, but the hackers when as far as to intercept and block her calls, following that up with a second email from the lawyer’s account advising the assistant that he was busy and couldn’t take her call. The assistant then completed the transfer, leaving the firm with a significant trust shortage.
This Type Of Fraud Can Happen To Any Firm, At Any Time
Despite a solid attempt to follow up on and confirm the specifics of the phony request – which is exactly the type of policies and protocols any business or firm should have in place – the firm still fell victim to a serious scam. A loss of that size is more than just financial; it has the potential to seriously damage a firm’s reputation. After all, if clients see you as being “careless” with your own funds and data, what’s to say you wouldn’t be even more careless with theirs?
Scams like these are common enough to be a constant concern, but unfortunately, we live in a world full of Grinches, which means fraud is even more common around the holidays. Everyone is just a little busier and a little more distracted, and often that’s all it takes for a hacker to find their opening.
It’s scenarios like these that make having top-notch cybersecurity in place crucial for your firm. Had this firm had an IT support provider that kept a diligent watch over their entire technology infrastructure, the initial hack could have been detected before the situation escalated. Around the clock security monitoring can catch these intrusions before they’re able to create serious problems.
Knowing that these are the risks law firms in BC – and worldwide – face on a daily basis is why Compunet InfoTech has spent years working alongside Vancouver and Lower Mainland firms, learning exactly what legal professionals need out of their IT support. Not only does this experience allow us to provide industry-leading cybersecurity solutions to area law firms, but it’s given us the insight and expertise to help manage compliance and privacy needs, and offer technology solutions that can help your firm run more efficiently.
Technology is not one-size-fits-all, and nowhere is that truer than where cybersecurity is concerned. Working with an IT provider that specializes in law firm IT services makes a huge difference, especially when facing security threats like the one we’ve been discussing here. We’re committed to protecting every aspect of your technology infrastructure, and ensuring your staff is prepared to handle scams and fraudsters.
Author: Joe Martin, Date: 2017-12-21