Call our quote line to speak to a qualified solicitor0800 987 8156* Send a message
*Call this mobile friendly number or your local branch
The legal sector is at significant risk of cyber crime, cyber attacks and scams, partly because of the sensitive data and significant monies held by law firms.
As part of our cyber security policy the firm has in place security software, including antivirus, anti-spam, and firewall software, which is sufficient and regularly reviewed and updated to identify and remove malware. We also ensure that software installed on all company devices is kept up to date and regularly ‘patched’.
We are however unable to protect you against phishing scams. Phishing is untargeted, mass emails sent to many people to try to obtain financial or other confidential information (including user names and passwords). This is usually done by sending an email that looks as though it has been sent by a legitimate organisation. The email usually contains a link to a fake website that looks authentic. The email may also ask you to respond to an account which looks like it has been sent from a Kew Law domain (kewlaw.co.uk) but has in fact not originated from our servers and any response to the spoofed email is actually directed to the fraudster who is using for example a gmail account. See more about spoofing below.
We are also unable to protect you against spoofing attacks. A spoofing attack is a situation in which a person successfully masquerades as another by falsifying data, to gain an illegitimate advantage. The sender information shown in e-mails (the “From” field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails.
Tip 1: Don’t trust the display name
A favorite phishing tactic among cyber criminals is to spoof the display name of an email. A recent study found that out of more than 760,000 email threats targeting 40 of the world’s largest brands nearly half of all email threats spoofed the brand in the display name. The fraudulent emails, once delivered, appear legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email. Your email service provider is likely to publish guidance online on how to display the email header.
Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.
Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.
Tip 4: Analyse the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name. You should also consider each tip in conjunction with others. If your email information has been obtained through a security breach at some time in the past, the fraudster may have your personal information to hand and seek to take advantage of this.
Tip 5: Don’t give up personal information
Solicitors will never ask for personal details via email. Don’t give them up.
Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic.
Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. You should cross reference the contact details if displayed on our website or if an existing client, against the information previously provided to you.
Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.
Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Notwithstanding the advice a Tip 1, it is also possible to spoof in the header from email address
Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.
Send us a message and we'll get back to you as soon as we can.Ask Us A Question