LPM

COLUMNS
APRIL 2016
HOW TO
CATCH A PHISH
RICHARD HILL, PRACTICE DIRECTOR
ABOUT
Richard Hill
Practice director
Stepien Lake and
chair of the ILFM
www.stepienlake.co.uk
Following on from my article last month on
cybercrime, I want to help you spot a deceitful
phishing email sent by an attacker.
Sender The first question to ask yourself is
whether you were expecting the email, or was it out of the
blue? Of course, this is not to say that all emails from
unknown senders are deceitful scams – but you should look
carefully at the sender's name to see if it sounds legitimate
or whether they are trying to emulate someone you know.
The email sender’s name could well be someone you know
at first glance – however, if you hover your mouse over the
sender’s name (or right click) it will show the real email
address.
Subject The subject line will be alarmist and trying to jolt
the recipient into action. Urgent, immediate attention,
critical action required – these are all phrases used in the
subject line of a phishing attack. A common phishing email
sent to law firms states immediate action is required before
completion and attempts to cajole the recipient into clicking
on a fictitious completion statement containing malware.
Body Some of the less sophisticated emails can originate
from non-English-speaking countries, and so contain poor
grammar and spelling mistakes. Phishing emails do now
appear more credible and authentic but they can still have
unusual language, incorrect statements and odd word
choices. Asking for client funds to be ‘wired’ over has meant
the recipient has picked up on some sham emails trying to
trick firms to sending the money to an attacker's account.
The attachment and hyperlink The entire aim and focus
of the email is to entice the recipient into clicking a link or
attachment in the email to unleash the malicious code or
ransomware, such as Cryptolocker. The emails can look
convincing, and the link seem genuine, with familiar
wording. However, simply hovering your mouse over the link
will reveal the true link destination and where the link is
directing you. This will indicate whether it is a trusted
source.
Domain names Domain names are easily available to buy
and are cheap. Attackers purchase domain names that
closely resemble the authentic sender they are posing as.
For example, the domain name lawsociety.uk.com was
available for £69 for two years (on 123-reg.co.uk) at the time
of writing this. If you are unsure, you can check domains by
visiting either www.nominet.uk (for .uk domains) or
whois.domaintools.com.
You can check which country the domain has been
registered in and spot any newly registered domains, which
are a big red flag.
Other basic tips for killing a phish include looking at the
logo to see if it is poor quality, as the attacker may have
copied and pasted from the original source. The signature
block again could be low quality if logos appear, or use
minimal information, missing industry standard disclaimers.
An example of a recent fraudulent email stated ‘regulated
by the Law Society’ rather than the SRA, and was also
missing the word ‘authorised’.
As with most types of cyber attack, the best defence is
awareness, in particular user awareness, as attackers now
avoid firewalls and target people on the inside. So everyone
from receptionist to senior solicitors needs to be educated
of the threat phishing email attacks pose, and how one click
can put your network and business in danger. LPM
11
LEGAL PRACTICE MANAGEMENT