Phishing and Spear Phishing and how to protect your law firm

In a report just published, Cybercriminals Promise Millions to Skilled Black Hats.

Cybercrime groups looking for accomplices who can help them extort money from high-worth individuals, including company executives, lawyers and doctors, promise monthly pays starting at $30,000 per month ($360,000 per year)

The past few years have seen an increase in phishing attacks on law firms. Cybercriminals are attacking law firms to gain access to the highly confidential data held by attorneys and solicitors. Healthcare industry attacks are often conducted to obtain sensitive patient data that can be used for identity theft and tax fraud. Phishing attacks on law firms on the other hand are conducted to steal data for insider trading. Data are also stolen to allow cybercriminals to blackmail law firms.

Law firms are threatened with reputation-killing publication of highly sensitive client data if sizeable payments are not made. Since law firms hold secret documents, including potentially damaging information on their clients, it is not only the law firm that can be blackmailed. Clients are also contacted and threatened. The profits that can be made from insider trading are enormous. The data held by law firms is incredibly valuable. It is therefore no surprise that phishing attacks on law firms are increasing. Cybercriminals see law firms as perfect targets.

While law firms must ensure that firewalls are in place along with a host of other cybersecurity protections to prevent their systems from being hacked, 90% of all data breaches start with phishing attacks. A simple email containing a link to a website is sent to attorneys’ and solicitors’ inboxes. The links are clicked and users are fooled into revealing login credentials to networks and email accounts. The credentials are captured and used to gain access to sensitive data.

According to the 2017 Verizon Data Breach Investigations Report 59% of all emails to law firms are phishing emails designed to trick the end user to log into a fraudulent system or download malicious malware.

For an example of this, the Panama Papers had an unprecedented leak of 11.5m files from the database of the world’s fourth biggest offshore law firm, Mossack Fonseca.

According to Law Technology Today “Phishing scams have become a widespread problem — you’d be hard pressed to find anyone who hasn’t been the recipient of a phishing email.”

Even with all the investment in cyber security technologies, phishing is still responsible for 90% of all data breaches worldwide. And awareness training is clearly not working.

With MetaCert’s software, it’s virtually impossible for anyone to fall for a phishing scam. It takes just 30 seconds to install and 60 seconds for an employee to learn how to use it. MetaCert works well with all other security solutions, acting as a last line of defense where ProoPoint, Cisco and other solutions have been deployed.

If you make the connection with David for the purpose of this deal we’ll pay you commission. And I’ll also give you commission on anything we close thanks to an introduction made by David — not as high but something for sure.

How to protect your law firm

If awareness training was effective, 90% of all breaches wouldn’t start with phishing. And organizations that use multiple security solutions say that phishing remains a massive problem for them.

MetaCert has built a new type of solution that reduces the risk by over 99%. It’s virtually impossible for anyone to fall for a phishing scam thanks to MetaCert’s new visual indicator for website identity. In other words, our software tells you when you are on a legit site and not a counterfeit.

With MetaCert you can easily combat Spear Phishing, a social engineer technique that targets specific individuals. Once MetaCert verifies your corporate, customer and partner domains, your employees will see the Green Shield in real time, across your company with no need for a software update.

To request a demo or to learn more about an enterprise offering please contact: business@metacert.com

MetaCert CEO. Passionate about Cybersecurity, Blockchain, Crypto, Snowboarding & Red Wine. Part of the AOL team that launched AIM. Co-founded 2 W3C Standards.