Along with ransomware, another threat — whaling — has been dominating the news lately. While phishing has been going on for years, whaling is a slight change of direction offering greater monetary rewards for successful hackers.
In our own past experience, a law firm’s bookkeeper received an innocent-looking email from the managing partner requesting that several thousand dollars be paid from a certain account. The email looked legitimate and even came from the managing partner’s email address. But, in reality, it was a spoofed email.
The attacker faked the email address, figured out who the bookkeeper was and sent them an email pretending to be the managing partner. Fortunately, the law firm had a protocol in place for the bookkeeper to contact the controller before authorizing the payment. Had that policy not been in place, the firm would have lost thousands of dollars.
Compared with what happened at Bangladesh’s central bank, the law firm’s process was highly successful: it kept the firm out of the headlines and prevented a considerable loss of money.
In contrast, Bangladesh’s central bank lost over $80 million in a similar attack. The bank was able to stop a $1 billion fake transaction because of one little error on the part of the hackers:
“A spelling mistake in an online bank transfer instruction helped prevent a nearly $1 billion heist last month involving the Bangladesh central bank and the New York Federal Reserve, banking officials said.
Unknown hackers still managed to get away with about $80 million, one of the largest known bank thefts in history.”
You can’t rely on mistakes by hackers to protect your law firm. Law firms must take a proactive approach to cybersecurity, which includes installing the latest endpoint protection solutions, applying regular updates and patches, performing audits and employee training, keeping on top of current cybercrime trends and taking other preventive measures.
This is the fourth in a five-post series on law firm cybersecurity. The final post will be published next Tuesday.
For more tips, check out our article, “Top Cybersecurity Threats to Law Firms.”