
What lawyers need to know about Phishing attacks

June 8, 2023 | September 19th, 2023 | law practice, security

Phishing attacks on law firms are increasing. Lawyers, especially those in solo or small-firm practices, need to better understand phishing attacks and how to prevent them.

What is Phishing?

In a phishing attack, bad guys pretend to be someone else to trick you into giving them your personal information. Here’s how they usually do it:

1. Fake Emails or Messages

They’ll send you an email or message that looks like it’s from a trustworthy source. This could be your bank, a big online shop, a government office, or even someone you know.

2. Asking for Information

The message will usually ask you to share private information.

It might say there’s an issue with your account, that you’ve won something, or that they need a response from you urgently for some other reason.

3. Copycat Websites

Often, the email will have a link to a website. This website will look like a real site you know (like your bank’s site), but it’s actually a fake one controlled by the scammers.

If you put in your username and password, they can grab that info.

4. Harmful Software

Sometimes, clicking a link or opening an attachment in a phishing email can put harmful software on your device.

This can let the scammers steal your information, watch what you’re doing online, or use your device for other bad stuff.

Famous Phishing Attack

One of the most notable examples of a phishing attack involved the 2016 U.S. presidential election. The victim was John Podesta, the chairman of Hillary Clinton’s campaign.

The attack worked like this:

Podesta received an email, supposedly from Google, stating that someone had used his password to try to access his Gmail account. The email contained a button saying “change password”.

But the email wasn’t actually from Google, and the “change password” link didn’t lead to Google’s website.

Instead, it led to a fake site set up by the attackers.

When Podesta followed the link and entered his password, the attackers captured his credentials. They then had access to his entire email account, which contained a large amount of sensitive information. Leaks of these emails had significant political repercussions.

It’s important for everyone today to beware of phishing scams.

But if you want to make it easier to avoid getting duped, use a password manager.

How Password Managers Help

There are simple ways to improve your passwords. But the best protection comes from using a password manager. A password manager can help prevent phishing attacks in several ways:

1. Auto-fill feature

Password managers have a feature where they can automatically fill in your username and password on sites you’ve visited before.

If you’re lured to a phishing website that looks like a legitimate site (say, your bank’s website), your password manager won’t recognize the site and thus won’t fill in your information. This can be a good indicator that something is wrong.

2. Unique passwords

Password managers encourage the use of unique, complex passwords for each individual site or service you use. If one site you use is compromised in a phishing attack, having unique passwords can contain the damage and prevent the attacker from gaining access to your other accounts.

3. Two-factor authentication (2FA)

Many password managers support or even require two-factor authentication. This adds an extra layer of security for lawyers, making it harder for attackers to access your accounts even if they somehow obtain your password.

4. Secure password sharing

If you need to share access to an account with someone else, a password manager can do this securely. This can help prevent phishing attacks by eliminating the need to send passwords over insecure channels like email, which could be intercepted by attackers.

5. Password generation

Password managers typically include a password generator that can create strong, random passwords. This eliminates the risk of using easily guessed passwords, which are more susceptible to phishing attacks.

Also, consider using two-factor authentication, or an Authenticator App, for an extra layer of security.

6. Alerts

Some password managers can alert you when a website you’ve stored in your vault has been compromised. This means you can change your password immediately to minimize the risk.

Remember that while password managers can significantly enhance your online security, they are not a silver bullet.

It’s still important to stay vigilant for phishing attempts, such as suspicious emails or messages, and to keep your devices secure and up-to-date.
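The auto-fill point above, shown as an added example that is not part of the original article: a simplified JavaScript sketch of how a password manager ties a saved login to the exact site where it was saved, so a lookalike link gets nothing filled in. The vault entries, the sample links and the `findLoginFor` name are constructed for illustration, and exact-site matching is an assumption; real products may match more loosely.

```javascript
// Added illustration: simplified model of how a password manager decides
// whether to offer a saved login. Exact-site matching is an assumption;
// real products may also match on the registrable domain.

// Constructed vault: each login is bound to the site where it was saved.
const vault = [
  { savedOrigin: "https://accounts.google.com", username: "jdoe@example.com" },
  { savedOrigin: "https://bank.example", username: "jdoe" },
];

// Return the saved entry for this page, or null when nothing matches.
function findLoginFor(pageUrl, entries = vault) {
  let page;
  try {
    page = new URL(pageUrl);
  } catch {
    return null; // not a parseable URL: never fill
  }
  if (page.protocol !== "https:") return null; // no fill on unencrypted pages
  // URL.origin is scheme + host + port as computed by the parser, so text
  // that merely looks like a trusted name elsewhere in the link is ignored.
  return entries.find((e) => new URL(e.savedOrigin).origin === page.origin) ?? null;
}

// Constructed links: one genuine sign-in page and several lookalikes.
const samples = [
  "https://accounts.google.com/signin",                        // genuine
  "https://accounts.google.com.security-check.example/signin", // trusted name as a prefix
  "https://accounts-google.example/signin",                    // similar-looking name
  "https://accounts.google.com@login.example/signin",          // trusted name before the @
  "http://accounts.google.com/signin",                         // right name, no encryption
];

for (const link of samples) {
  const hit = findLoginFor(link);
  console.log(hit ? `fill ${hit.username}` : "no match, do not fill", "<-", link);
}
```

Only the first link gets a login offered; the empty auto-fill on the other four is the warning sign described in point 1.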

The Best Password Manager

If you want to know what the best password manager is for lawyers, read this article.

And if Your Law Firm Gets Hacked

Remember that you might have to report the breach under breach notification laws, which obviously is not good.

