The weakest link in email phishing is the intelligent person who is convinced that they are too smart to be phished. It happens to everyone. The only defense is awareness, recognizing it when it happens, and quickly taking action. If your estate planning and elder law firm has a lax attitude towards phishing emails, you are definitely at risk. Phishing has become more sophisticated and more effective, because it’s very profitable.
Phishing is the use of email messages that appear to come from legitimate sources and are designed to get people to panic and then, without thinking, provide private information or open links to websites that download malicious software.
But that’s just for starters. There’s also browser autofill phishing, in which a web form contains fields that are hidden from the user but are filled out automatically by the browser’s autofill feature. You didn’t mean to fill out those fields, but your browser does so automatically. This can happen in a Safari or Firefox browser too, although some sources report that Chrome is far more vulnerable.
Hackers exploit news trends. Hours after Trump won the election, hackers launched a wave of cyber attacks targeting think tanks, with headlines about the election. The emails were made to look like they came from prestigious educational institutions and were aimed specifically at these types of organizations (this is called “spear phishing”).
How can you and your law firm avoid becoming a victim of phishing?
Don’t panic, even if an email seems threatening. Your boss, the IRS or the court system (or any legitimate entity, for that matter) is not sending emails that require an immediate click on a link. If you receive such an email, open a new email and verify that the person has actually sent it. Business owners (and that includes law firm managing partners) are often spoofed because hackers know that employees/associates will respond quickly to an email that demands fast action. Don’t fall for it.
Don’t click on links embedded in an email unless you know the person sending the email. Better yet, even if you know the person sending the email, open a new tab in your browser and find the website of the organization that the link allegedly comes from. Don’t cut and paste the link from the email, even in a new browser tab. That will bring you to the same place.
If you receive an email from an entity you do business with (a bank or brokerage house) that seems phishy, consider the source, the tone/tenor of the email and whether there is another way for you to contact the person. Bank emails have a long history of being imitated in phishing; logos and typefaces are easily copied and it is easy to create an email that looks real.
If you have opened a link and realize that something is not right, don’t wait. Immediately contact the person in your firm responsible for technology or IT security (or the office manager, who is often the contact point between the firm and your IT provider). The faster you act, the faster they can protect the firm.