COLUMNS, APRIL 2016

HOW TO CATCH A PHISH
RICHARD HILL, PRACTICE DIRECTOR

ABOUT: Richard Hill is practice director at Stepien Lake and chair of the ILFM. www.stepienlake.co.uk
Following on from my article last month on cybercrime, I want to help you spot a deceitful phishing email sent by an attacker.
Sender. The first question to ask yourself is whether you were expecting the email, or whether it arrived out of the blue. This is not to say that all emails from unknown senders are scams, but you should look carefully at the sender's name to see whether it sounds legitimate or whether it is trying to emulate someone you know. The sender's name may well look like someone you know at first glance; the name is simply text chosen by the sender, so hover your mouse over it (or right-click it) and your mail client will show the real email address behind it. Bear in mind that even that address can be forged unless the sending domain is protected by SPF, DKIM and DMARC, so a plausible-looking address is reassuring but not proof.
Subject. The subject line will be alarmist and try to jolt the recipient into action. 'Urgent', 'immediate attention' and 'critical action required' are all phrases used in the subject line of a phishing attack. A common phishing email sent to law firms states that immediate action is required before completion and attempts to cajole the recipient into clicking on a fictitious completion statement containing malware.
Body. Some of the less sophisticated emails originate from non-English-speaking countries and so contain poor grammar and spelling mistakes. Phishing emails now look more credible and authentic, but they can still contain unusual language, incorrect statements and odd word choices. A request for client funds to be 'wired' over is one such odd choice, and it has alerted recipients to sham emails trying to trick firms into sending money to an attacker's account.
The attachment and hyperlink. The entire aim of the email is to entice the recipient into clicking a link or opening an attachment that unleashes malicious code or ransomware such as CryptoLocker. The email can look convincing and the link can seem genuine, with familiar wording, but simply hovering your mouse over the link will reveal its true destination. Compare the domain in that destination with the domain you would expect, not just the wording around it; a shortened or redirecting link hides its final destination and should be treated as unknown.
Domain names. Domain names are cheap and easily available to buy, and attackers purchase names that closely resemble the authentic sender they are posing as. For example, the domain name lawsociety.uk.com was available for £69 for two years (on 123-reg.co.uk) at the time of writing. Note that such a name is not a .uk domain at all: it is a name sold under the .com domain uk.com, which is exactly the confusion the attacker is relying on. If you are unsure, you can check a domain by visiting www.nominet.uk (for .uk domains) or whois.domaintools.com. The WHOIS record shows the country the domain was registered in and, more importantly, the date it was created; a domain registered only days or weeks ago is a big red flag.
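The sender, subject, link and domain checks described above can be automated over the raw message. The script below is an added example, not code from the article or from Stepien Lake: it separates the display name from the real address, looks for pressure wording in the subject, compares each link's visible text with its real destination, and flags domains that borrow a trusted brand label under a different registrable domain (the lawsociety.uk.com pattern). The trusted-domain list, the short suffix list and the sample email are assumptions constructed for the example; a real tool would use the Public Suffix List and the firm's own list of counterparties.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed: domains this firm trusts. A real deployment maintains its own list.
TRUSTED_DOMAINS = {"lawsociety.org.uk", "sra.org.uk", "stepienlake.co.uk"}
# Assumed: short suffix list, longest first. Real tools use the Public Suffix List.
KNOWN_SUFFIXES = ("org.uk", "co.uk", "uk.com", "com", "uk", "net", "org")
# Subject-line pressure phrases taken from the article's examples.
URGENCY_PHRASES = ("urgent", "immediate attention", "action required",
                   "critical", "before completion")

# Constructed sample message imitating the completion-statement lure.
SAMPLE_EMAIL = """\
From: "Law Society" <alerts@lawsociety.uk.com>
To: partner@stepienlake.co.uk
Subject: URGENT: immediate action required before completion
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please review the completion statement at
<a href="http://lawsociety.uk.com/statement.exe">https://www.lawsociety.org.uk/completion</a>
before client funds are wired.</p>
</body></html>
"""

class LinkExtractor(HTMLParser):
    """Collect (visible text, real href) pairs: the two things hovering compares."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def registrable_domain(host):
    """The part of a hostname someone actually registers, e.g. lawsociety.uk.com."""
    host = host.lower()
    for suffix in KNOWN_SUFFIXES:
        if host.endswith("." + suffix):
            label = host[: -len(suffix) - 1].split(".")[-1]
            return f"{label}.{suffix}"
    return host

def domain_verdict(host):
    """'trusted', 'lookalike' (trusted brand label, different registrable domain) or 'unknown'."""
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    brands = {d.split(".")[0] for d in TRUSTED_DOMAINS}
    return "lookalike" if brands & set(host.lower().split(".")) else "unknown"

def analyse(raw):
    """Return human-readable findings for one message; an empty list means nothing flagged."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []
    # Sender: the display name is free text; only the address after '@' can be checked.
    name, addr = parseaddr(msg["From"] or "")
    verdict = domain_verdict(addr.rpartition("@")[2])
    if verdict != "trusted":
        findings.append(f"sender: '{name}' really sends from {addr} ({verdict} domain)")
    # Subject: alarmist wording designed to jolt the reader into clicking.
    subject = (msg["Subject"] or "").lower()
    hits = [p for p in URGENCY_PHRASES if p in subject]
    if hits:
        findings.append(f"subject: pressure language {hits}")
    # Links: compare what the text shows with where the href really goes.
    body = msg.get_body(preferencelist=("html",))
    if body is not None:
        parser = LinkExtractor()
        parser.feed(body.get_content())
        for text, href in parser.links:
            real_host = urlparse(href).hostname or ""
            shown_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
            if shown_host and shown_host != real_host:
                findings.append(f"link: text shows {shown_host} but goes to {real_host}")
            if href.lower().endswith((".exe", ".scr", ".js", ".zip")):
                findings.append(f"link: delivers an executable file {href}")
            if domain_verdict(real_host) == "lookalike":
                findings.append(f"link: {real_host} imitates a trusted domain")
    return findings

if __name__ == "__main__":
    for finding in analyse(SAMPLE_EMAIL):
        print(finding)
```

Run against the sample, the script reports five findings: the lookalike sender domain, the pressure phrases in the subject, the link whose text names lawsociety.org.uk but whose href goes to lawsociety.uk.com, the .exe it delivers, and the lookalike link domain. The registrable-domain step is what makes the lookalike check work: lawsociety.uk.com shares its leftmost label with the trusted domain but is registered under uk.com, so it must be treated as a stranger's domain, not a subdomain of the Law Society's.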
Other basic tips for killing a phish include looking at the logo to see whether it is poor quality, as the attacker may have copied and pasted it from the original source. The signature block, again, may use low-quality logos, give minimal information or miss the industry-standard disclaimers. An example of a recent fraudulent email stated 'regulated by the Law Society' rather than the SRA, and was also missing the word 'authorised' (a solicitors' firm is 'authorised and regulated by the Solicitors Regulation Authority').
As with most types of cyber attack, the best defence is awareness, in particular user awareness, as attackers now bypass perimeter defences such as firewalls by targeting the people inside them. So everyone from the receptionist to senior solicitors needs to be educated about the threat phishing emails pose, and how one click can put your network and business in danger. LPM
LEGAL PRACTICE MANAGEMENT