|Scams and Spam|
Spam comes in all shapes and sizes. It can be low-tech, such as an attempt to get you to send money from your attorney trust account, or it can be a high-tech attack carrying a malicious link or file. Regardless of the complexity, the goal is always the same: dupe you into doing something you shouldn't. While it is easy to take comfort in the money spent on your IT setup, including advanced email filtering and anti-spam systems, it's important to understand that even the most advanced systems cannot reduce the threat to zero. With thousands of attempts hitting your mailbox every day, you're going to encounter a few. Sadly, it only takes one to bring the whole house down.
There has been a dramatic uptick in the number of targeted phishing attacks on law firms. A phishing attack is a social engineering tactic that uses a trustworthy or known entity as a means of "tricking" the user into downloading a malicious file or surrendering sensitive information. One such attack targeted members of state bar associations in Florida, Nevada, and Georgia with ransomware. In the attack, an email was sent to bar members notifying them either that their dues were late or that they had pending disciplinary issues against them, and requesting that they click a link or download a file; doing so installed a virus capable of locking an attorney out of their computer files unless they paid a fee.
Whether it's ransomware or a virus designed to pull information off your computer systems, this is the new paradigm, and it demands that you approach your email with caution and vigilance. This page has been created as a resource for you and your firm staff.
Prevention starts with training and awareness. These tips can help you detect and avoid attempted scam attacks on your computer systems. Skepticism and vigilance are the best tools in your arsenal, and they require no technical knowledge to acquire. If you ever find yourself wondering why a person or business sent you an email containing a file or link, don't open it. Prevention starts with trusting your gut; what comes next depends on how you or your firm decide a suspicious email needs to be treated.
Have a Plan
A plan can be as simple as "contact our IT Helpdesk or Insurance provider." Sit down with personnel in your office and figure out how your firm wants to respond to these incidents should one occur.
Have the Right Tools
Having the right tools can help make a bad situation less bad but cannot outright prevent the situation from happening. Consider having the following setup in your firm:
Standard legal malpractice insurance policies are not likely to cover cybercrime or cyber risk issues, which are typically separate policies.
Take a look at your firm's insurance policies and see if there are provisions for cybercrime AND cyber risk. If no such provisions exist, contact your malpractice insurer and check to see if they offer any such policies. If they don't, they may be able to direct you to an insurer who does.
Here is a good article by Sharon Nelson of the Ride the Lightning blog on the differences between cybercrime and cyber risk.
If It's Not Expected, It Shouldn't Be Opened
It's always good to know where you're going before you set out on your journey. Checking the destination of a hyperlink before you click on it will help prevent you from ending up in an unsavory place.
For example, if you receive an email containing a link from the State Bar of Montana and the link does not point to the "montanabar.org" domain, you should avoid clicking that link.
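The check described above can be automated, which matters because attackers routinely make a link's visible text look like the real domain while the actual destination is somewhere else. The following is an added example, not code from the State Bar of Montana's page: it takes the trusted domain (montanabar.org, as in the example above) and flags any link whose real host is not that domain or a subdomain of it. Note that a naive substring test would wrongly accept hosts such as montanabar.org.example.net; the host comparison here avoids that. The sample HTML snippet is constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Trusted domain for this example; the page's own example uses montanabar.org.
TRUSTED_DOMAIN = "montanabar.org"


def link_host(url: str) -> str:
    """Return the lower-cased host of a URL ('' if it cannot be parsed).

    urlparse().hostname drops any 'user@' prefix, so a link such as
    https://montanabar.org@example.net/ correctly yields example.net.
    """
    parsed = urlparse(url.strip())
    return (parsed.hostname or "").lower().rstrip(".")


def is_trusted_link(url: str, trusted_domain: str = TRUSTED_DOMAIN) -> bool:
    """True only if the link is http(s) and its host is trusted_domain or a subdomain.

    A substring check ('montanabar.org' in url) is not enough: the host
    montanabar.org.example.net and the path /montanabar.org/renew both contain
    the string. Requiring the host to equal the domain, or to end with
    '.' + domain, rules those out.
    """
    parsed = urlparse(url.strip())
    if parsed.scheme.lower() not in ("http", "https"):
        return False
    host = link_host(url)
    if not host:
        return False
    return host == trusted_domain or host.endswith("." + trusted_domain)


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in an HTML body."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.anchors.append(tuple(self._current))
            self._current = None


def suspicious_anchors(html: str, trusted_domain: str = TRUSTED_DOMAIN):
    """Return (href, text) pairs whose visible text names the trusted domain
    but whose real destination is not on it. These are the links that look
    safe to a reader and are not."""
    collector = _AnchorCollector()
    collector.feed(html)
    flagged = []
    for href, text in collector.anchors:
        if trusted_domain in text.lower() and not is_trusted_link(href, trusted_domain):
            flagged.append((href, text.strip()))
    return flagged


# Constructed sample message body: the first link's visible text looks like the
# bar's site, but its real destination is a look-alike host on another domain.
SAMPLE_HTML = (
    '<p>Your dues are overdue. Pay at '
    '<a href="http://montanabar.org.example.net/pay">https://www.montanabar.org/dues</a> '
    'or <a href="https://www.montanabar.org/contact">contact us</a>.</p>'
)

if __name__ == "__main__":
    for href, text in suspicious_anchors(SAMPLE_HTML):
        print(f"SUSPICIOUS: text shows {text!r} but link goes to {href!r}")
```

Run it on a saved message body (most mail clients offer "view source" or "save as HTML") and treat any flagged pair the way the page advises: don't click it, and hand the message to whoever your plan names.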
Limit Your Exposure
The more places you've publicly plastered your email, the more opportunities you've given someone to hit your firm. You have to weigh the risks of posting your email address publicly versus the potential reward of giving potential clients another way to engage you for your services.
If you are unsure whether an email is from a legitimate source, check the Internet headers. Internet headers provide technical details about the message, such as the sending server and the other servers it passed through. Typically, particularly where companies are concerned, you want to see whether the domain of the sending server (for example, contosocompany.net) matches the organization the sender claims to be. This is more time consuming, because it means verifying the server domain of the sending party, but it is a good alternative when the authenticity of an email is in question.
Note: Internet headers can read like Klingon, but free tools are available if you'd rather not scan through the whole email. Google offers one such tool here.
Open the message in Microsoft Outlook.
Select "View," then "Options."
You'll see the headers in the "Internet Headers" box.
For more information, click here.
Open the message in your Gmail inbox.
Click the down-arrow in the top-right corner of the message.
Click the "Show original" link toward the bottom of the options box. The message will open in a separate window with the full message headers at the top.
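Once you have the raw headers from Outlook or Gmail as described above, the comparison the page recommends can be done with a short script. The following is an added example, not code from the State Bar of Montana's page: it reads the From address, walks the Received lines to find the server that first handed the message over, and reports whether that server's domain matches the domain the sender claims. The sample headers are constructed for the example (contosocompany.net is the page's own placeholder, and the relay host names are made up); the registered_domain helper is a deliberate simplification that takes the last two labels of a host name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not a real message). The From line claims
# contosocompany.net, but the earliest Received hop shows a different server.
SAMPLE_MISMATCH = """\
Received: from mx.example-relay.net (mx.example-relay.net [192.0.2.10])
\tby mail.ourfirm.example (Postfix) with ESMTPS id ABC123
\tfor <partner@ourfirm.example>; Mon, 1 Jan 2024 10:00:00 -0700
Received: from bulk-sender.example-host.org (bulk-sender.example-host.org [198.51.100.7])
\tby mx.example-relay.net with ESMTP; Mon, 1 Jan 2024 09:59:58 -0700
From: "Accounts Payable" <billing@contosocompany.net>
To: partner@ourfirm.example
Subject: Overdue invoice
"""

# Constructed headers for a message whose origin server does match the claim.
SAMPLE_MATCH = """\
Received: from mail.contosocompany.net (mail.contosocompany.net [203.0.113.5])
\tby mail.ourfirm.example (Postfix) with ESMTPS id DEF456;
\tMon, 1 Jan 2024 11:00:00 -0700
From: billing@contosocompany.net
To: partner@ourfirm.example
Subject: January statement
"""


def received_hosts(raw_headers: str) -> list:
    """Return the 'from' host of each Received line, top to bottom.

    Mail servers prepend Received lines, so the first one was added by the
    last server (closest to you) and the last one describes the earliest hop,
    i.e. the apparent origin of the message.
    """
    msg = message_from_string(raw_headers)
    hosts = []
    for value in msg.get_all("Received", []):
        flat = " ".join(str(value).split())  # unfold continuation lines
        m = re.match(r"from\s+([^\s;(]+)", flat, re.IGNORECASE)
        if m:
            hosts.append(m.group(1).lower().rstrip("."))
    return hosts


def registered_domain(host: str) -> str:
    """Simplification (assumption of this example): the last two labels.
    Production code should consult the public suffix list so that names
    such as example.co.uk are handled correctly."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def sender_domain(raw_headers: str) -> str:
    """Domain of the address in the From header ('' if absent or malformed)."""
    msg = message_from_string(raw_headers)
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def check_sender_path(raw_headers: str) -> dict:
    """Compare the claimed From domain with the domain of the origin server."""
    claimed = sender_domain(raw_headers)
    hops = received_hosts(raw_headers)
    origin = hops[-1] if hops else ""
    matches = bool(claimed and origin) and (
        registered_domain(origin) == registered_domain(claimed)
    )
    return {
        "claimed_domain": claimed,
        "origin_host": origin,
        "hops": hops,
        "origin_matches_claim": matches,
    }


if __name__ == "__main__":
    for label, sample in (("mismatch", SAMPLE_MISMATCH), ("match", SAMPLE_MATCH)):
        print(label, check_sender_path(sample))
```

Two caveats a practitioner should keep in mind: a sender can forge any Received line below the ones your own mail system added, so the lines at the top of the list are the ones you can actually trust; and plenty of legitimate businesses send through a third-party mail service, so a mismatch is a reason to pick up the phone and verify, not proof of fraud on its own.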
Check the Plan or Make a Plan
One of the worst things you can do in a breach scenario is to react immediately without a plan. Step away from your machine, call a meeting and review your plan.* If you don't have a plan, call a meeting and invite your IT provider to the table to help discuss the first steps. There are Montana firms that specialize in cybersecurity response that can assist you with these types of scenarios as well as with determining the full extent of the damage; it is highly suggested that you consider engaging these firms when responding to a malware attack or suspected breach.
*If you are the target of a ransomware attack, your first step should be to immediately disconnect the infected machine from your network. If your machine has wireless capability, turn off the WiFi card on your machine.
Here is a link to a RansomWare Manual published on Wired.com.
Review Your Insurance
If you have insurance, you want to make sure there isn't a notification clause that requires your first call to be to your malpractice or cyber insurance provider. Additionally, your provider may have specific instructions on how you should proceed.