Phishing Attempts Targeting Law Firms And Clients Rife

Over two thirds of the UK public believe they have been targeted by phishing emails in the last six months.

According to recent research, compiled by Bongate IT, 68% of UK inboxes have been inundated with unscrupulous email phishing attempts.

Furthermore, the survey, which questioned individuals from around the UK, found that almost a quarter (23%) of respondents had noticed a clear increase in the number of phishing emails when compared with emails received a year earlier.

Phishing emails were very rarely isolated incidents according to the poll. 41% that had recognised a phishing email claimed to have received more than 10 in the previous six months.

Almost a sixth (16%) were finding up to 25 fraudulent emails within a six month period.

Whilst almost one in ten (9%) were finding up to 50 phishing emails in a six month period, 16% of respondents believed the figure exceeded 50.

This type of fraud is extremely popular within the legal sector as fraudsters target law firms and their clients.

In September alone, the Solicitors Regulation Authority (SRA) issued eight separate scam warnings regarding sophisticated fraudulent emails using the details of SRA regulated firms and solicitors.

The fake emails are an excellent example of the sophisticated social engineering tactics employed by cyber criminals attempting to successfully commit impersonation fraud.

Earlier this month, emails were sent claiming to be from Maurice Muchinda of Shoosmiths LLP attempting to intercept and divert a payment to an unknown third-party account.

The SRA believe the client’s computer could have been compromised prior to the intercepted and consequently fraudulent emails being sent to the client.

The fraudster used the email domain ‘[email protected]’ to send the alternative bank details to the client. The domain is extremely close to the authentic law firm email address with the only minor difference being the ‘e’ on the end of Shoosmiths.

The SRA has confirmed that the solicitor Maurice Muchinda works for Shoosmiths LLP and both are regulated by the SRA. Whilst the attempted fraud was uncovered and noticed by the client, the nuanced details and sophisticated social engineering techniques make these frauds increasingly difficult to detect.

The perceived frequency of this form of attack means that individuals and organisations need to be vigilant at all timed to avoid the success of future phishing attacks.

Garry Brown, Managing Director of Bondgate IT, said:

“Sadly, many victims can be completely unaware that they have been the victim of a phishing attack and don’t always appreciate the dangers of opening what might appear to be a legitimate email and clicking on what is in reality a malicious link or attachment.

“As a result, all kinds of sensitive data could be being posted for sale to criminals operating on the dark web in a matter of minutes.

“Such attacks are growing in sophistication and range from targeting individuals to gain sensitive information, such as passwords and account details, to so-called whaling – where cyber criminals target senior management of a company, often with devastating effects.”

Are your clients peppered with phishing attempts? Do you educate your clients on the warning signs of phishing type frauds?

X