Training Your Law Firm’s Staff To Spot A Phishing Email
Cybersecurity needs to be a top priority for legal firms today. You aren’t just a target – you’re a primary target. The fact is that legal firms were cybercriminals’ top choice for ransomware targets in the first quarter of 2019.
Are you prepared to defend your law firm from cybercriminal attacks like phishing scams?
What is Phishing?
Phishing (and all social engineering techniques) is about the element of surprise.
It’s a method in which cybercriminals send fraudulent emails that appear to be from reputable sources in order to get recipients to reveal sensitive information and execute significant financial transfers.
You should have cybersecurity measures in place, but they can’t read every email for you and your staff – you have to play a role in your cybersecurity as well.
If the cybercriminal can make you believe that they’re your bank, your boss, or a close friend, then you’re that much more likely to download malware or give up your SSN. That’s why your staff needs to know what to look for.
How To Spot A Phishing Email
- Check The Right Fields: If you’re unsure about an email, check the details on the email itself – specifically the “mailed-by” and “signed-by” fields, both of which should match the domain of the sender’s address.
- Heed Outlook’s Warnings: If Outlook marked an email as spam and put it in your Junk Folder, it’s probably for a good reason – leave it there! If you’re absolutely positive it’s a legitimate email, and that you know the sender, verify with them over the phone or in another way before clicking any links, or downloading any attachments.
- Participate In Your Cybersecurity: Your IT company should be able to equip you with an email solution that lets you flag suspicious emails for your IT team to review and address on a business-wide scale.
- Suspicious Links: Always be sure to hover your mouse over a link in an email before clicking it. That allows you to see where it actually leads. While it may look harmless, the actual URL may show otherwise, so always look, and rarely click.
- Spelling and Grammar: Modern cybersecurity awareness comes down to paying attention to the details. When reading a suspicious email, keep an eye out for any typos or glaring errors. Whereas legitimate messages from your bank or vendors would be properly edited, phishing emails are notorious for basic spelling and grammatical mistakes.
- Specificity: Another point to consider is how vague the email is. Whereas legitimate senders will likely have your information already (such as your first name) and will use it in the salutation, scammers will often employ vaguer terminology, such as “Valued Customer” – this allows them to use the same email for multiple targets in a mass attack.
- Urgent and Threatening: If the subject line makes it sound like an emergency — “Your account has been suspended”, or “You’re being hacked” — that’s another red flag. It’s in the scammer’s interest to make you panic and move quickly, which might lead to you overlooking other indicators that it’s a phishing email.
- Attachments: Phishers will often try to get you to open an attachment, so, if you see an attachment in combination with any of the above indicators, it’s only more proof that the email is likely part of a phishing attempt.
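For IT staff reviewing a flagged message, the "Check The Right Fields" and "Suspicious Links" checks can be scripted; this is an added example, not part of the original article. It assumes "mailed-by" corresponds to the Return-Path header domain and "signed-by" to the d= tag of the DKIM-Signature header; the sample message, its domains and all function names are constructed for illustration.

```python
import email.utils
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message; every domain below is a placeholder.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
DKIM-Signature: v=1; a=rsa-sha256; d=mailer.example.net; s=k1
From: "Example Bank" <alerts@examplebank.example>

<p>Valued Customer, <a href="http://login.example.org/verify">https://examplebank.example/login</a></p>
"""

def domain_of(header_value):
    return email.utils.parseaddr(header_value)[1].rpartition("@")[2].lower()
def aligned(domain, sender):  # exact match, or a subdomain of the sender's domain
    return domain == sender or domain.endswith("." + sender)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), ""
    def handle_data(self, data):
        if self._href:
            self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.links.append((self._href, self._text.strip()))
            self._href = None

def check_message(raw):
    msg = email.message_from_string(raw)
    sender = domain_of(msg.get("From", ""))
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    checks = {"mailed-by": domain_of(msg.get("Return-Path", "")),
              "signed-by": dkim.group(1).lower() if dkim else ""}
    findings = [f"{name} '{dom}' does not match sender '{sender}'"
                for name, dom in checks.items() if not aligned(dom, sender)]
    parser = LinkCollector()  # single-part bodies only; multipart yields no links
    parser.feed((msg.get_payload(decode=True) or b"").decode("utf-8", "replace"))
    for href, text in parser.links:
        shown, actual = (urlparse(u).hostname for u in (text if "://" in text else "", href))
        if shown and actual and shown != actual:
            findings.append(f"link text shows {shown} but href goes to {actual}")
    return findings
```

The script only compares domains; it does not verify the DKIM signature cryptographically, which is the receiving mail server's job.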
Enlist Expert Assistance From Your IT Company
In the end, the key to phishing methodology is that it doesn’t rely on digital security vulnerabilities or cutting edge hacking technology; phishing targets the user, who, without the right training, will always be a security risk, regardless of the IT measures set in place.
The reality is that small and medium-sized businesses like yours are put at great risk if you don’t have help from an IT company like Network Heroes.
We will teach you and your staff to…
- Never give out private information: A basic rule among cybersecurity experts is knowing not to share sensitive info online. The trusted institutions with which you do business will not ask you for your private information. They already have your account numbers, social security number, and your passwords. They won’t have any good reason to ask for it again, right? If an email from a superior or external contact asks for that info, it is likely a scam, so be sure to confirm the request by phone or in person.
- Always check up on unexpected email attachments: A key aspect of cybersecurity awareness is understanding that, if you get an email from someone you know with an attachment that you weren’t expecting, you should confirm it with the sender. Give them a call or send them an email to ensure that the attachment is from them and is legitimate before you open it.