Hackers target law firms
Law firms are being targeted by cyber criminals, potentially to gather information for insider trading deals, according to recent media reports. The BBC reports that the computer systems of several US companies had been compromised, but it was unclear what any stolen data was being used for.
A spokesperson for an American security firm told the BBC that some suspicious activity had taken place with authorities currently investigating the situation. Law firm Cravath Swaine & Moore LLP also confirmed it had suffered a breach, describing it as “limited”. But the statement said the company wasn’t aware whether or not the accessed information had been used improperly.
Simple hacking tactics
One of the primary tactics used by cyber criminals is email hacking – a fairly simple technique, often involving fake email address, where victims are tricked into transferring money or data by fraudulent senders. London law firm CMS, which brokers cybersecurity insurance policies, told the BBC that a number of its clients had reported email interference.
“We’ve seen examples of emails that purport to come from a managing partner to a more junior lawyer directing them to make payments to an account or to send certain information to an address,” Stephen Tester, a partner at CMS, told the BBC.
“They can look very much like a regular message.” Mr Tester said some firms had reported breaches of their video-conferencing systems as well.
“There are ways in which people can go into video-based conferencing facilities and literally listen in on meetings,” he said. Read more about important email scam signals to look out for.
Big Risks for law firms
While email hacking is a growing concern for all businesses, the risk is a particular concern for law firms, which carry data of a sensitive nature. For other organisations though, the financial risk is significant, with an increasing number of business falling victim to massive losses in recent years.
While the scam is often relatively simple in its technique, so is the solution. Experts advise anyone who receives an email requesting either monetary transfers or sensitive data to attempt to speak to the person in question before taking any action.