Phishing attacks on law firms are increasing. Lawyers need to better understand phishing attacks and how to prevent them, especially those in solo or small firm practices.
What is Phishing?
Phishing attacks are where bad guys pretend to be someone else to trick you into giving them your personal information. Here’s how they usually do it:
1. Fake Emails or Messages
They’ll send you an email or message that looks like it’s from a trustworthy source. This could be your bank, a big online shop, a government office, or even someone you know.
2. Asking for Information
The message will usually ask you to share private information.
It might say there’s an issue with your account, that you’ve won something, or that they need a response from you urgently for some other reason.
3. Copycat Websites
Often, the email will have a link to a website. This website will look like a real site you know (like your bank’s site), but it’s actually a fake one controlled by the scammers.
If you put in your username and password, they can grab that info.
4. Harmful Software
Sometimes, clicking a link or opening an attachment in a phishing email can put harmful software on your device.
This can let the scammers steal your information, watch what you’re doing online, or use your device for other bad stuff.
Famous Phishing Attack
One of the most notable examples of a phishing attack involved the 2016 U.S. presidential election. The victim was John Podesta, the chairman of Hillary Clinton’s campaign.
The attack worked like this:
Podesta received an email, supposedly from Google, stating that someone had used his password to try to access his Gmail account. The email contained a button saying “change password”.
But, the email wasn’t actually from Google, and the “change password” link didn’t lead to Google’s website.
Instead, it led to a fake site set up by the attackers.
When Podesta followed the link and entered his password, the attackers captured his credentials. They then had access to his entire email account, which contained a large amount of sensitive information. Leaks of these emails had significant political repercussions.
It’s important for everyone today to beware of phishing scams.
But if you want to make it easier to avoid getting duped use a password manager
How Password Managers Help
1. Auto-fill feature
Password managers have a feature where they can automatically fill in your username and password on sites you’ve visited before.
If you’re lured to a phishing website that looks like a legitimate site (say, your bank’s website), your password manager won’t recognize the site and thus won’t fill in your information. This can be a good indicator that something is wrong.
2. Unique passwords
Password managers encourage the use of unique, complex passwords for each individual site or service you use. If one site you use is compromised in a phishing attack, having unique passwords can contain the damage and prevent the attacker from gaining access to your other accounts.
3. Two-factor authentication (2FA)
Many password managers support or even require two-factor authentication. This adds an additional layer of cybersecurity for lawyers who want to make it harder for attackers to access accounts even if they somehow obtain your password.
4. Secure password sharing
If you need to share access to an account with someone else, a password manager can do this securely. This can help prevent phishing attacks by eliminating the need to send passwords over insecure channels like email, which could be intercepted by attackers.
5. Password generation
Password managers typically include a password generator that can create strong, random passwords. This eliminates the risk of using easily guessed passwords, which are more susceptible to phishing attacks.
Also, consider using two-factor authentication, or an Authenticator App, for an extra layer of security.
Some password managers can alert you when a website you’ve stored in your vault has been compromised. This means you can change your password immediately to minimize the risk.
Remember that while password managers can significantly enhance your online security, they are not a silver bullet.
It’s still important to stay vigilant for phishing attempts, such as suspicious emails or messages, and to keep your devices secure and up-to-date.
The Best Password Manager
If you want to know what the best password manager is for lawyers, read this article.
And if Your Law Firm Gets Hacked
Remember that you might have to report the breach under breach notification laws, which obviously is not good.