Saturday, March 20, 2010

A Chilling Article About Law Firms Becoming Targets of Cyber Criminals

I have long said that law firms are lucrative targets for hackers. Today a story appears on page DC - 1 of the San Francisco Chronicle called "Law firms are lucrative targets of cyberscams".
Last spring, a Long Beach law firm received an e-mail from a Hong Kong businessman seeking help collecting debts from American customers. An attorney with the firm saw it as a great opportunity to reel in more business during the economic downturn and agreed to help.

After a month of signing paperwork and exchanging telephone calls with his client, the attorney received word from one debtor who sent a $200,000 cashier's check to pay off his balance. The attorney deposited it in his firm's account, subtracted his $10,000 fee and wired the remaining amount to his Hong Kong client.

An hour-and-a-half later, the attorney's bank called and told him the check bounced. Fortunately, the bank was able to prevent the wire transfer from reaching its destination. He almost had been duped out of $190,000.

"They send me a nice, big, worthless check," said the attorney, who asked to remain anonymous. "Needless to say that was not a fun day. They were the hardest 24 hours of my life.

The threat has been very real for a long time. Scammers have moved from just scamming "rich americans" and have moved on to targeting "rich american lawyers". The best defense against these sorts of scams are a good spam filter and user education.

If you don't have a user education program at your firm, start one. Your IT staff should be trained in security as well. Something like the CompTIA Security+ certification is a good start. Even the MCSE has track has security some great security components to it. You should also probably have a CEH or a CISSP on staff as well, or at least a security professional you can bring in to consult on a contract basis.

...Alex Stamos, a founding partner at iSEC Partners, a San Francisco security consulting firm that recently published research identifying about 100 organizations hit by the attack, said that law firms are on the list of organizations most at risk of being targets in the future.

"Most law firms are going to be in trouble if this is the level of adversary they're going to deal with," he said. "It's impossible even for the largest law firms to have a dedicated security team that can hold their own against these people."

This threat isn't going away anytime soon. Be alert and be careful. The threat is no long the 14 year old in the basement. It's organized crime.

Labels: ,


Post a Comment

<< Home