Legal Services as a Phishing Target: How Domain Reputation Checks Can Help

By WhoisXML API
WhoisXML API

The legal sector has become a favored target of phishing campaigns. 80% of law firms reportedly received phishing emails in 2018. And in 2017, the success of these phishing campaigns was 300% higher than in 2016. This success rate could be attributed to the fact that not all phishing emails look suspicious, and law firm staff members might not be able to identify them.

IT security professionals in various industries are also not too confident about the ability of end-users to recognize phishing emails. A study by Osterman Research, for instance, found that only 18% of IT professionals believe that end-users are "extremely capable" of recognizing phishing and spear-phishing emails.

IT/Security Perception About the Ability of End Users to Recognize Phishing and Spearphishing Emails (Source: Osterman Research, Inc.)

So, how then can legal service firms mitigate the risk of phishing attacks and protect the confidential information held as part of the client-attorney privilege agreements put in place?

In this post, we examined some of the most common types of phishing attacks targeting law firms and how these can be detected early with the help of Domain Reputation API.

Phishing Attempts in the Legal Sector: Attack Entry Points

Two of the most common methods that threat actors use in phishing campaigns targeting legal service providers are impersonation and social engineering. These techniques are easily pulled off because most lawyers make their contact information, employment history, and other personal details publicly available online.

LinkedIn, for one, is a fountain of information for anyone who wants to impersonate a lawyer or a law firm staff member. The social media site also gives threat actors up-to-date career changes, so they know who recently joined or just left a firm.

New employees and associates are often vulnerable targets. In one case, a finance manager who had only been with a law firm for two months was tricked into transferring £60,000 to a phisher who impersonated a supplier.

Attackers are also known to pretend to be senior partners in casual emails to see if they can get enough responses to launch a full-blown phishing attack.

Our Investigative Tool: Domain Reputation API

Let us take a look at a URL we found on PhishTank that seems like it's from a legitimate legal services firm:

https://pmlegalservices[.]net/pmlegalservices2018/u00m/checkpoint/mn/index[.]php?email=bronk@tokalaska[.]com?.

We ran the domain name on Domain Reputation API and found that it has a low reputation score of 76.3. The ideal score is 100, which means a site is safe to access.

Aside from the domain's low reputation score, the tool also returned several warnings that include:

* * *

Aside from training staff members to be vigilant of phishing emails, a possible action for legal services at this point is to integrate tools such as Domain Reputation API into existing systems and solutions. That way, these can be configured to stop connections to domains with low reputation scores as an additional layer of protection against phishing and other more sinister cyberattacks.

Related topics: Domain Management, Domain Names, Whois

Comments