How to Guard Against Proliferating COVID-19 Scams

Hinshaw & Culbertson - Cyber Alerts

Risk Management Question
 

What precautions can lawyers, staff, and law firms take to avoid pandemic-related cyber scams?

The Issue

As the number of attorneys and law firm staff adopting social distancing and working from home increases, so do the related cyber risks. Hackers have well-rehearsed playbooks that seek to exploit distributed workforces using remote connections. As a result, lawyers and staff should be extra vigilant and take additional precautions.

Among other scams, hackers are circulating phony but legitimate looking:

  • COVID-19 outbreak maps.
  • Emails purportedly from IT teams to employees with the subject line: "ALL STAFF CORONAVIRUS AWARENESS." The emails describe a seminar at which the company will discuss what it's doing in response to COVID-19, which includes a link to register for the seminar.
  • Emails claiming to be from vendors about COVID-19 tools and strategies that include links to PDFs and Word Documents and invite the recipient to click and open the attachment.
  • SMShing messages closely resembling the employer's phone number, indicating the recipient needs to "click here" to find out about modified firm operations.

These seemingly harmless and legitimate looking emails and attachments are loaded with malware which deploy remote access tools (RAT), keystroke logging malware, desktop image capturing malware, and ransomware. Hackers are looking to potentially gain control of law firm personnel's remote access into the firm, or encrypt computers and anything else the malware can reach.

Risk Management Solutions

Here are several steps lawyers and staff alike can take to protect themselves and their firm:

  • Always think before you click.
  • Never click on an email or text message from anyone you don't know.
  • If you receive an attachment in an email or text message you were not expecting—even if it's from someone you know—call the person at a known telephone number (not the number listed in the message) to confirm the message is legitimate.
  • If you click on something you should have avoided and a box opens that asks you for your password, or to supply some information or click on a link to enable a later version of software: stop, close out, and immediately call your IT Department to have a scan run on your device(s).
  • Remember the ongoing risk of public Wi-Fi. If you can connect to Wi-Fi without a password, then the network is insecure. Do not use insecure Wi-Fi to connect to your work server, do any personal banking, or send any type of confidential or personal information.
  • Avoid working in public spaces where third parties can view screens or printed documents.

Now, more than ever, it's important to follow the classic Hill Street Blues' watch commander's advice: Let's be careful out there.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hinshaw & Culbertson - Law Firm Cyber Alerts | Attorney Advertising

Written by:

Hinshaw & Culbertson - Law Firm Cyber Alerts
Contact
more
less

Hinshaw & Culbertson - Law Firm Cyber Alerts on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.