Beware: New Phishing Scam On The Rise

Phishing scams, a long-standing issue that many people are familiar with, have become even more dangerous and prevalent in today’s technology-driven world. This is especially true for the legal industry and businesses, as a new phishing campaign specifically targeting solicitors, barristers and law firms is developing right now in the UK.

The Current Situation

In this campaign, emails arrive from the genuine accounts of known contacts at other legal firms and local businesses, so they look like ordinary messages from people you actually know.

These are not the ‘spoofed’ emails we are used to seeing: the sender address is real. Each message contains a malicious link which, if clicked, first redirects the user to a web page that appears to display a shared document.

Here’s where the danger lies: if you, the user, enter your username, password and multi-factor authentication token to access the document, the attackers capture those details and your email account is breached.

The attackers then use the compromised account to send more malicious emails to all of your unsuspecting contacts, continuing the cycle. This results in a growing number of breached firms, both in the legal industry and among local businesses and suppliers.

The purpose of this campaign is ‘credential harvesting’: criminal actors gather account credentials that can be sold or passed on to other cybercriminal groups for further attacks. If proper mitigation measures are not taken, the consequences can include ransomware attacks or other breaches.

What should I do?

To protect yourself from falling victim to this scam, it is crucial to exercise caution. Avoid clicking on suspicious or unverified links, and always confirm with the supposed sender that they really did share a document with you.
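Because the emails in this campaign come from real, compromised accounts, checking the sender address tells you nothing; the useful check is where the link actually goes. The script below is an added example, not code from the original post or from Briefed: it parses a raw email, pulls out every link, and flags links whose visible text names one site while the address points to another, or which lead away from the sender's own domain to a "shared document" hosted elsewhere. The sample message and every domain in it are constructed for illustration. A flagged link is not proof of phishing (firms do legitimately share documents from external services), but it is exactly the case where the advice above applies: confirm with the sender before clicking.

```python
"""Inspect links in an e-mail before anyone clicks them (added example).

The sample message and all domains below are constructed for illustration
and do not refer to any real firm, service or campaign.
"""
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []          # list of (href, text) tuples
        self._current = None     # [href, text] of the anchor being read

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append((self._current[0], self._current[1].strip()))
            self._current = None


def _host(value):
    """Return the lowercase hostname of a URL-like string, or '' if none."""
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def inspect_links(raw_message):
    """Return a list of (href, reason) findings for a raw RFC 822 message (bytes)."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    sender_host = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""

    parser = _AnchorCollector()
    parser.feed(html)

    findings = []
    for href, text in parser.links:
        href_host = _host(href)
        # Only treat the visible text as a URL if it looks like one.
        text_host = _host(text) if "." in text and " " not in text else ""
        if text_host and text_host != href_host:
            # The link text shows one site, but the link goes somewhere else.
            findings.append((href, f"link text shows {text_host} but goes to {href_host}"))
        elif href_host and href_host != sender_host and not href_host.endswith("." + sender_host):
            # A document 'shared' by a colleague would normally sit on their firm's own systems.
            findings.append((href, f"link leaves the sender's domain ({sender_host}) for {href_host}"))
    return findings


# Constructed sample: a "shared document" message from a contact's (compromised) account.
SAMPLE_MESSAGE = b"""From: Jane Solicitor <jane@examplelaw.example>
To: you@yourfirm.example
Subject: Document shared with you
Content-Type: text/html; charset=utf-8

<html><body>
<p>Hi, I have shared the draft contract with you.</p>
<p><a href="https://docs-share.example.net/view/123">View shared document</a></p>
<p>Firm policy: <a href="https://evil.example/login">https://examplelaw.example/policy</a></p>
</body></html>
"""

if __name__ == "__main__":
    for href, reason in inspect_links(SAMPLE_MESSAGE):
        print(f"CHECK BEFORE CLICKING: {href}\n    {reason}")
```

Run it on a message saved as `.eml` by reading the file in binary mode and passing the bytes to `inspect_links`. Mail clients that render links as buttons hide the real address, which is why the check parses the HTML rather than relying on what the user sees.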

Additionally, make sure your GDPR training is up to date and fully completed. In the event of a breach investigation, the ICO will ask to see your certificate, and failure to complete mandatory training can contribute to the ICO’s decision to sanction a business. We advise everyone to log into our Briefed portal and check that your certificate is dated within the last 12 months.

What do I do if I click on an unverified link?

  1. Reset your account passwords immediately.
  2. Reset your multi-factor authentication (and enable it if you have not already).
  3. Notify your IT department or IT specialist.
  4. Notify your in-house Data Protection Lead, as you may need to report the matter to the ICO.
