Call our quote line to speak to a qualified solicitor

0800 987 8156*
Send a message

*Call this mobile friendly number or your local branch

The legal sector is at significant risk of cyber crime, cyber attacks and scams, partly because of the sensitive data and significant monies held by law firms.

As part of our cyber security policy the firm has in place security software, including antivirus, anti-spam, and firewall software, which is sufficient and regularly reviewed and updated to identify and remove malware. We also ensure that software installed on all company devices is kept up to date and regularly ‘patched’.

We are however unable to protect you against phishing scams. Phishing is untargeted, mass emails sent to many people to try to obtain financial or other confidential information (including user names and passwords). This is usually done by sending an email that looks as though it has been sent by a legitimate organisation. The email usually contains a link to a fake website that looks authentic. The email may also ask you to respond to an account which looks like it has been sent from a Kew Law domain (kewlaw.co.uk) but has in fact not originated from our servers and any response to the spoofed email is actually directed to the fraudster who is using for example a gmail account. See more about spoofing below.

We are also unable to protect you against spoofing attacks. A spoofing attack is a situation in which a person successfully masquerades as another by falsifying data, to gain an illegitimate advantage. The sender information shown in e-mails (the “From” field) can be spoofed easily. This technique is commonly used by spammers to hide the origin of their e-mails.

 

Ten Tips on How to Identify a Phishing or Spoofing Email.

Tip 1: Don’t trust the display name

A favorite phishing tactic among cyber criminals is to spoof the display name of an email. A recent study found that out of more than 760,000 email threats targeting 40 of the world’s largest brands nearly half of all email threats spoofed the brand in the display name. The fraudulent emails, once delivered, appear legitimate because most user inboxes only present the display name. Don’t trust the display name. Check the email address in the header from—if looks suspicious, don’t open the email. Your email service provider is likely to publish guidance online on how to display the email header.

Tip 2: Look but don’t click
Hover your mouse over any links embedded in the body of the email. If the link address looks weird, don’t click on it. If you want to test the link, open a new window and type in website address directly rather than clicking on the link from unsolicited emails.

Tip 3: Check for spelling mistakes
Brands are pretty serious about email. Legitimate messages usually do not have major spelling mistakes or poor grammar. Read your emails carefully and report anything that seems suspicious.

Tip 4: Analyse the salutation
Is the email addressed to a vague “Valued Customer?” If so, watch out—legitimate businesses will often use a personal salutation with your first and last name. You should also consider each tip in conjunction with others. If your email information has been obtained through a security breach at some time in the past, the fraudster may have your personal information to hand and seek to take advantage of this.

Tip 5: Don’t give up personal information
Solicitors will never ask for personal details via email. Don’t give them up.

Tip 6: Beware of urgent or threatening language in the subject line
Invoking a sense of urgency or fear is a common phishing tactic.

Tip 7: Review the signature
Lack of details about the signer or how you can contact a company strongly suggests a phish. Legitimate businesses always provide contact details. You should cross reference the contact details if displayed on our website or if an existing client, against the information previously provided to you.

Tip 8: Don’t click on attachments
Including malicious attachments that contain viruses and malware is a common phishing tactic. Malware can damage files on your computer, steal your passwords or spy on you without your knowledge. Don’t open any email attachments you weren’t expecting.

Tip 9: Don’t trust the header from email address
Fraudsters not only spoof brands in the display name, but also spoof brands in the header from email address. Notwithstanding the advice a Tip 1, it is also possible to spoof in the header from email address

Tip 10: Don’t believe everything you see
Phishers are extremely good at what they do. Just because an email has convincing brand logos, language, and a seemingly valid email address, does not mean that it’s legitimate. Be skeptical when it comes to your email messages—if it looks even remotely suspicious, don’t open it.

Other matters to note:-

  1. Email is not a secure method of transmitting sensitive or personal data
  2. You should report any incident so that the police and government can put resources in place. You can do this online at https://www.actionfraud.police.uk/ or by telephoning the Cyber Crime Reporting Centre on 0300 123 2040,
  3. Never rely on any banking details provided to you unless they are supplied in a secure manner.
  4. The firm shall not be changing its bank account details during the course of a transaction.
  5. If you any communications suggesting that the firm’s bank account details have changed, you should contact the firm via the number on the firm’s website or headed notepaper.
  6. More information about avoiding and reporting internet scams and phishing can be found at https://www.gov.uk/report-suspicious-emails-websites-phishing

Please contact me

  • This field is for validation purposes and should be left unchanged.

Ask us a Question

Send us a message and we'll get back to you as soon as we can.

Ask Us A Question