Recent research has shown changes in the effectiveness of various phishing attacks.

Cofense, previously PhishMe, issued a report based on 1,400 clients in 23 industries in more than 50 countries that notes that 7.5 million phishing emails were reported in 2017 alone. But the effectiveness of phishing campaigns has shifted.

In prior research, users were most emotionally motivated to open emails that made them feel a sense of urgency, fear or opportunity. Those three emotional motivators have now been replaced with entertainment, social and reward/recognition.


phishing 1

Currently, some of the most effective phishing emails are fake holiday eCards, new rewards programs notifications and fictitious emails claiming grievances filed with state bar associations.


Active, high-risk phishing campaigns targeting legal services providers that law firms should be aware of include parking enforcement, tax evasion and canceled order notifications, as noted in the following breakdown:



Older phishing emails that are still effective include:



What’s the best way to prevent your law firm from falling victim to phishing attacks? Training your employees to react appropriately when they receive suspicious messages.


For more information on cybersecurity threats to law firms, visit our law firm cybersecurity tips series. If you’ve become a victim of a cyberattack, learn what to do with our post-attack checklist

If you’d like more help protecting your law firm from phishing and other cybersecurity risks, contact us.