The email indicates the recipient has files to view/download and requests that users log in using their credentials to access the files.
At present, these emails are known to have come from compromised law firms; however, it is possible that these emails could come from any organisation that has been compromised.
These emails are harder to spot because they come from a legitimate source or known sender.
Everyone is reminded to be wary of emails asking you to log in to any system to view/download files. Consider:
- Were you expecting this email, or has it come unexpectedly, even if it is from a known sender?
- Has the sender ever previously asked you to log in to a system to view/download files?
- Are you able to verify with the sender by phone or in person that the email is genuine?
If you receive a phishing email, you are reminded that you should follow your own organisation's policies and procedures and that you may be required to notify your IT department. If you do not have an IT department, you can forward phishing emails to report@phishing.gov.uk
If you think you may have received such an email and provided your credentials, notify your IT department immediately. If you do not have an IT department, reset your password immediately.
Where possible, enable two/multi-factor authentication (2FA/MFA); this will work to reduce and mitigate the impact of compromised credentials.
If you have been a victim of a cyber-attack, you are advised to report this to Action Fraud via their website at www.actionfraud.police.uk, or you can give them a call on 0300 123 2040.
All law firms are prime targets for cyberattack, with organised criminal gangs using automated means to search, indiscriminately, for vulnerabilities. Firms have a responsibility to increase their cybersecurity and business resilience.
The starting point is a proper cyber risk assessment of your vulnerabilities as regards your policies, technology, and people. The appropriate steps must then be taken to tackle them.
Firms should make themselves aware of the type of attacks which are taking place. They should of course prepare to defend themselves against them. But they must also prepare their emergency response arrangements to deal with a breach. This is why an incident response plan is such an important aspect of business resilience planning.
Common attacks include:
- Credential phishing attacks on employees which, if successful, typically lead to email account takeover.
- Attempts to gain unauthorised access to computer systems via staff connecting remotely to company information.
- Virus, ransomware or other security attacks on IT equipment, systems or networks.
- Insider fraud where staff have access to confidential and commercial information.
- Denial of service attacks where critical web services are taken out of action and a ransom demanded.
As the MLS’s trusted cybersecurity partner, we have created some advice on the key areas for responding to a cyber breach. This covers incident preparation, the emergency response team, and incident response.