Beware: New Phishing Scam On The Rise

Phishing scams, a long-standing issue that many people are familiar with, have become even more dangerous and prevalent in today’s technology-driven world. This is especially true for the legal industry and businesses, as a new phishing campaign specifically targeting solicitors, barristers and law firms is developing right now in the UK.

The Current Situation

In this campaign, emails are sent to individuals from known contacts at other legal firms and local businesses, and they look exactly like genuine messages from people you know.

These are not the ‘spoofed’ emails we are used to: they really do come from the contact’s own account. What they carry is a malicious link which, when clicked, first redirects the user to a webpage displaying a shared document.

Here’s where the danger lies: if you enter your username, password and multi-factor authentication token to access the document, the attackers capture them and your email account is breached.

The attackers then use the compromised account to send more malicious emails to all of your unsuspecting contacts, continuing the cycle. This results in a growing number of breached firms, both in the legal industry and among local businesses and suppliers.

The purpose of this campaign is ‘credential harvesting’: criminal actors gather account credentials to sell or pass on to other cybercriminal groups for further attacks. Without proper mitigation, the consequences could include ransomware attacks or other breaches.
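The attack chain above explains why the usual "is the sender genuine?" check does not help here: the mail really does come from a compromised contact. As an added example (not part of the original article), the Python triage below looks instead at the two things the article describes, a "shared document" lure and where its link actually points. The trusted sharing hosts, the brand words and the sample emails are all constructed assumptions; replace the allowlist with the services your own firm uses.

```python
# Added example (not from the original article): triage heuristic for the
# "shared document" phishing lure. The sender address is deliberately not
# trusted on its own, because in this campaign it belongs to a real contact
# whose account has been compromised.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumed: the document-sharing hosts your firm genuinely uses (constructed).
TRUSTED_SHARE_HOSTS = {"example-chambers.sharepoint.com", "drive.google.com"}

# Assumed: brand words that lookalike hosts tend to borrow (constructed list).
BRAND_TOKENS = ("sharepoint", "onedrive", "docusign", "dropbox")

# Phrases typical of a document-share lure (constructed, case-insensitive).
LURE_PHRASES = (
    r"shared (a|the) (document|file) with you",
    r"(view|open|access) (the|your) (shared )?document",
    r"has sent you a (document|file)",
)
URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)


@dataclass
class Verdict:
    suspicious: bool
    reasons: list


def extract_links(body: str) -> list:
    """All http(s) URLs found in the message body, in order."""
    return URL_RE.findall(body)


def is_share_lure(body: str) -> bool:
    """True if the body uses shared-document wording."""
    return any(re.search(p, body, re.I) for p in LURE_PHRASES)


def host_of(url: str) -> str:
    """Lower-cased hostname of a URL ('' if it cannot be parsed)."""
    return (urlparse(url).hostname or "").lower()


def triage(sender: str, body: str) -> Verdict:
    """Flag a message when a share lure or a brand lookalike points at a host
    that is not one of the firm's trusted sharing services. `sender` is kept
    in the signature only to make the point that it is not used as evidence."""
    reasons = []
    lure = is_share_lure(body)
    for link in extract_links(body):
        host = host_of(link)
        if host in TRUSTED_SHARE_HOSTS:
            continue  # genuine sharing service: nothing to flag
        if any(token in host for token in BRAND_TOKENS):
            reasons.append(f"lookalike sharing host: {host}")
        elif lure:
            reasons.append(f"document-share lure links to untrusted host: {host}")
    return Verdict(bool(reasons), reasons)


# Constructed samples. The first mimics the campaign: a real contact's address,
# a share lure, and a link to a host the firm never uses for sharing.
SAMPLES = {
    "lure_from_real_contact": (
        "j.smith@partner-firm.example",
        "Hi, I have shared a document with you regarding the Jones matter.\n"
        "View the document here: https://secure-docs-view.example/share/9f3a\n",
    ),
    "lookalike_host": (
        "clerk@local-supplier.example",
        "Please review: https://sharepoint-online.example/login\n",
    ),
    "legit_share": (
        "a.barrister@example-chambers.example",
        "I've shared a file with you: https://example-chambers.sharepoint.com/:w:/s/team/abc\n",
    ),
    "plain_mail": (
        "clerk@local-supplier.example",
        "Invoice attached as discussed, nothing to click.\n",
    ),
}


def run_samples() -> dict:
    """Triage every constructed sample; returns {name: Verdict}."""
    return {name: triage(sender, body) for name, (sender, body) in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        state = "SUSPICIOUS" if verdict.suspicious else "ok"
        print(f"{name}: {state} {verdict.reasons}")
```

The heuristic is intentionally conservative: a share lure whose link goes to any host outside the allowlist is flagged, so a colleague's legitimate but unlisted sharing service will also be reported. That is the right trade-off for a campaign where the mail itself looks entirely genuine, and it matches the article's advice to double-check with the supposed sender before opening anything.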

What should I do?

To protect yourself from falling victim to this scam, it is crucial to exercise caution. Avoid clicking on suspicious or unverified links and always double-check with the supposed sender about any shared documents.

Additionally, it is important to ensure that you are up to date with your GDPR training and that it is fully completed. In the event of a breach investigation, the ICO will ask to see your certificate. Failure to do mandatory training can contribute to the ICO’s decision to sanction any business. We advise everyone to log into our Briefed portal and check your certificate is dated within the last 12 months.

What do I do if I click on an unverified link?

  1. Reset your account passwords immediately.
  2. Reset your multi-factor authentication (and enable it if you have not already done so).
  3. Notify your IT department or IT Specialist.
  4. Notify your in-house Data Protection Lead, as you may need to report the matter to the ICO.
