Technologist - The FindLaw Legal Technology Blog

How to Avoid Socially Engineered Email Attacks

In plane, train, and automobile crashes, human error is often the cause because technology is more fool-proof than the people in the drivers' seats.

It's a harsh indictment, but finger-pointing before a tragedy is better than after one. In the collision of email and cyberattacks, it is also a human problem.

According to reports, the latest email scam has cost businesses about $3.1 billion. Here are some ways law firms can avoid the human errors that lead to serious crashes.

Socially Engineered Email

Socially engineered cyberattacks occur when a hacker targets human behavior. It typically comes through an email that invites a lawyer to respond, disclose information, or take a case.

The attack does not occur behind the scenes, hidden in some code. It often begins with a social media site, like LinkedIn, Facebook or other account.

The cybercriminal will glean information about the firm, and then send an email using that information to start the scam. Rule No. 1: be careful about what you post on social media.

"Low-tech social media attacks are a dangerous form of cyberattack that goes straight to the heart of a law firm's biggest point of weakness - their users," says Ian Raine, director of product management at iManage. "The consequences of a successful attack can be firm ending."

Malware Email

Another email scam, that installs malware behind the scenes, looks like this:

"Dear Bar Member:

"A complaint has been filed against your Business. Enclosed is a copy of the complaint, which requires your response. You have 10 days to file a rebuttal if you so desire. You may view the complaint at the link below."

You know not to do that, right? Here are some other tips:

  • Do not open suspicious attachments
  • Double-check the sender's address before opening email
  • If you are not sure, call the sender to confirm the email's origin
  • Report fraudulent email to clients, firms, and authorities

Related Resources: