Watch Your Domain Extensions (Who does that email REALLY come from?)

Steven Puiszis
Hinshaw & Culbertson LLP
Contact
LinkedIn
Facebook
X
Send
Embed

Hinshaw & Culbertson LLP

Risk Management Question

How can you tell if an email—which appears to be from within a firm's own messaging system, advising the recipient that his or her information has expired or needs to be updated, and directing the recipient to click on a link to update their information—is genuine?

The Issue

Recently, several lawyers and secretaries of a law firm received an email purportedly from the firm's own "Messaging System" claiming that the recipient's email was out of date and instructing the recipient to click on a box to update his or her email.

The email was malicious. A few tell-tale signs that the message was bogus included the fact that the firm's email addresses do not go out of date. Only passwords can expire, and the firm's system was set up to alert attorneys and employees of the firm that their password was set to expire several weeks before expiration occurred. Further, the firm did not have a "Messaging System" and the email was designated as an "External email" by the firm's server.

But the real give-away was the domain extension of the sender of the email. The sender of the email in this case was located in Germany. You could tell this by looking at the sender's domain extension—in this case, .de is the domain extension used in Germany.

Risk Management Solutions

  • Always check the domain extension of the sender of an email. If you move too fast you may think the extension is .com when it's really .cn which indicates the email originates in China. Be wary of anything that doesn't end in .com, .gov, .us, .law or a state domain extension like .az (for Arizona) for instance. Here is a list of foreign domain extensions to check if you ever don't recognize an extension: https://www.webopedia.com/quick_ref/topleveldomains/countrycodeA-E.asp
  • Set up your email system so that email coming from outside of the firm is tagged as "External email" and instruct employees to be cautious of all external email. In the example above, if the email had actually come from an internal "Messaging System" it would not have been designated as "External email."
  • Send suspicious emails to your firm's breach inbox to have them evaluated and have the sender(s) blocked firm wide.
  • As always, if you receive an email out of the blue, never click on a link or attachment. Also, if you receive an email from someone you know, but it includes an attachment you were not expecting to receive, call the sender to confirm it came from the sender and not a hacker. 

Remember, let's be careful out there.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Hinshaw & Culbertson LLP | Attorney Advertising

Written by:

Hinshaw & Culbertson LLP
Hinshaw & Culbertson LLP
Contact
more
less

Hinshaw & Culbertson LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide