The Increasing Sophistication of Email Spoofing and Impersonation Fraud
I first encountered the murky and sophisticated world of email spoofing and fraud when I received an extremely convincing email spoof in 2016. Whilst lounging on the couch binge-watching Breaking Bad on Netflix, I unlocked my phone and began flicking through my emails.
To my shock, I had received a message from the streaming service I was currently watching informing me that I had cancelled my subscription, with the cut-off date set for just four days later. In anger, I castigated my partner for cancelling our subscription when we still had three series left to watch.
After duly correcting me for unfairly ‘expressing’ my disapproval, he informed me calmly that the cancellation was not carried out at his request. Following a conversation with Netflix, we discovered that it was an attempted phishing attack. It was lucky we had followed through to double check.
Everything was so genuine
Everything about it was so genuine – perfect logo, tone, aesthetics with fantastic grammar and spelling. Without the presence of my partner, whom I questioned without thinking, I would have definitely clicked the large red ‘restart membership’ button without a second thought. Cyber criminals would then have had access to the sensitive data held on my mobile phone. I would have been a victim of an email spoofing attack.
Fraudsters are exploiting email and social media
In January this year, Action Fraud announced that it had been bombarded with over 5,000 complaints regarding cyber criminals impersonating TV Licensing. The fraud involved asking customers to provide their payment details, including account number, CVV number, personal data and sort code.
According to a recent report by the Office for National Statistics (ONS), cyber criminals are adapting to the modern world. Until recently, cyber criminals would use sophisticated virus-based attacks through ransomware and malware. However, the tide is turning, with more fraudsters exploiting email and social media vulnerabilities to steal precious data.
Action Fraud statistics, which also include business attacks, found that malware attacks were less prevalent in 2018, with a 25% reduction in this form of virus-borne attack.
Whilst malware attacks decreased in 2018, Action Fraud found that the 24,063 attacks in the second half of 2018 equated to a 12% increase in cyber attacks compared with the same period of the previous year.
A 35% increase in email and social media hacking in 2018
Email fraud/impersonation and social media hijacking rose by 35% compared with 2017's figures, indicating that this is where cyber criminals are now focusing their efforts. In total, Action Fraud found 9,458 cases of successful email fraud, excluding unreported fraud, which would make this number considerably higher.
What does it mean for law firms?
Law firms are just as susceptible to email fraud, if not more so, as the TV Licensing customers and as I was to the Netflix attack on my data. Recent research from cloud data intelligence firm OnDMARC suggests that only 1% of the UK's top 1000 law firms have implemented sufficient measures to prevent spoofed or impersonation emails, emails that could cause irreparable damage.
As law firms are liable to replace any client money lost to fraudulent activity, the financial implications could be devastating.
The Chameleon Criminal
Even though many firms may feel secure with the IT security they have put in place, in many cases they will remain vulnerable to phishing attempts. Criminals are now adept at exploiting email domains and impersonating a company, sending counterfeit messages to clients.
Protecting your firm
There are ways to ensure your firm is protected from the email impersonation and phishing attempts that are so commonplace in modern society. DMARC (Domain-based Message Authentication, Reporting and Conformance) lets a domain owner publish a policy instructing receiving mail servers to quarantine or reject messages that claim to come from that domain but fail authentication, which actively blocks phishing attacks and stops third-party impersonation of the email domain.
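As an added illustration of how a receiving server applies a DMARC policy (example code, not part of the original article or of any vendor's product), the following parses a DMARC TXT record and decides what happens to a message whose From: domain is being impersonated. The records, domains and authentication results are constructed for the example; a real receiver would look up the record in DNS and use the Public Suffix List for organisational-domain alignment.

```python
# Constructed DMARC records: the first only monitors, the second enforces.
WEAK_RECORD = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
STRICT_RECORD = "v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@example.com"


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into its tag=value pairs and fill in defaults."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    tags.setdefault("p", "none")      # policy for messages that fail
    tags.setdefault("adkim", "r")     # DKIM alignment: r = relaxed, s = strict
    tags.setdefault("aspf", "r")      # SPF alignment: r = relaxed, s = strict
    return tags


def org_domain(domain: str) -> str:
    # Simplified organisational domain (last two labels); real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Strict alignment needs an exact match; relaxed accepts the same organisational domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def evaluate(record: str, from_domain: str, spf_domain=None, spf_pass=False,
             dkim_domain=None, dkim_pass=False) -> str:
    """Return 'pass' if SPF or DKIM passed AND is aligned with the From: domain;
    otherwise return the domain owner's published policy (none/quarantine/reject)."""
    tags = parse_dmarc(record)
    spf_ok = spf_pass and spf_domain is not None and aligned(from_domain, spf_domain, tags["aspf"])
    dkim_ok = dkim_pass and dkim_domain is not None and aligned(from_domain, dkim_domain, tags["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return tags["p"]


if __name__ == "__main__":
    # A spoofed message: From: example.com, but SPF only passes for the attacker's own sending domain.
    print(evaluate(WEAK_RECORD, "example.com", spf_domain="mail.attacker-example.net", spf_pass=True))
    print(evaluate(STRICT_RECORD, "example.com", spf_domain="mail.attacker-example.net", spf_pass=True))
```

With p=none the spoof is merely reported, with p=reject the receiver is told to discard it; that policy setting is the difference between monitoring and actually blocking impersonation.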
Lawyer Checker, experts in providing technology to protect lawyers and their clients, are able to offer an OnDMARC service specifically designed to protect the legal profession from email fraud.
Don't let your company press the proverbial red 'restart membership' button: ensure that your online domains are protected from email phishing and impersonation attempts by using Lawyer Checker's OnDMARC service.