Law firms: check your email systems

Mar 3, 2025

The National Cyber Security Centre (NCSC) is seeing a spike in reports of law firms whose emails have been compromised.

Cybercriminals are gaining unauthorised access to law firms’ emails and targeting their customers and clients with fake invoices. This type of attack is referred to as Business Email Compromise (BEC) and it can be hard to spot as cybercriminals go out of their way to avoid being detected.

If an attacker gains access to your email account, they can send invoices to your clients with altered invoice account numbers. Customers think they are paying your firm or depositing money into your account but are actually sending it into the criminal’s account.

Cybercriminals are targeting law firms because transactions usually involve large sums of money. BEC attacks can cause significant losses to your customers and reputational damage to your organisation.  

We encourage all law firms to check whether their email systems have been compromised. You may need IT support for this. Ask your IT provider to monitor your business email and check:

  • auto-forwarding rules on email accounts, especially those relating to accounts receivable,
  • auto-filtering rules on email accounts to see if there are any rules that you did not set up, and
  • email access logs to look for any unusual login behaviour, such as a change in login times or an unexpected or foreign IP address.
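As an added illustration (not NCSC code), the three checks above can be run over exported mailbox rules and sign-in records like this. The field names, firm domain, expected country, working hours and sample records are all constructed assumptions rather than any vendor's export format.

```python
from datetime import datetime

FIRM_DOMAIN = "examplelaw.test"    # assumption: the firm's own mail domain
EXPECTED_COUNTRIES = {"NZ"}        # assumption: where staff normally sign in
WORK_HOURS = range(7, 20)          # assumption: usual local sign-in hours
# Rules that staff confirm they created themselves (hypothetical baseline).
KNOWN_RULES = {("accounts@examplelaw.test", "File newsletters")}

# Constructed sample exports; timestamps are treated as local time.
RULES = [
    {"mailbox": "accounts@examplelaw.test", "name": "File newsletters",
     "action": "move", "forward_to": []},
    {"mailbox": "accounts@examplelaw.test", "name": ".",
     "action": "forward", "forward_to": ["inbox@mailbox.example"]},
    {"mailbox": "partner@examplelaw.test", "name": "tidy",
     "action": "delete", "forward_to": []},
]
SIGNINS = [
    {"user": "accounts@examplelaw.test", "time": "2025-02-24T09:12:00",
     "ip": "192.0.2.10", "country": "NZ"},
    {"user": "accounts@examplelaw.test", "time": "2025-02-25T03:41:00",
     "ip": "203.0.113.77", "country": "ZZ"},
]

def review_rules(rules):
    """Flag external forwarding first, then any rule missing from the baseline."""
    findings = []
    for r in rules:
        external = [a for a in r["forward_to"]
                    if not a.lower().endswith("@" + FIRM_DOMAIN)]
        if external:
            findings.append((r["mailbox"], r["name"], "forwards outside the firm"))
        elif (r["mailbox"], r["name"]) not in KNOWN_RULES:
            findings.append((r["mailbox"], r["name"],
                             "unrecognised " + r["action"] + " rule"))
    return findings

def review_signins(signins):
    """Flag sign-ins from unexpected countries or outside usual hours."""
    findings = []
    for s in signins:
        reasons = []
        if s["country"] not in EXPECTED_COUNTRIES:
            reasons.append("unexpected country")
        if datetime.fromisoformat(s["time"]).hour not in WORK_HOURS:
            reasons.append("unusual sign-in time")
        if reasons:
            findings.append((s["user"], s["ip"], reasons))
    return findings
```

Every finding is a prompt to ask the mailbox owner whether they recognise the rule or sign-in, not proof of compromise on its own.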

You can check if your business emails have been in a data breach on a website called haveibeenpwned.com.

haveibeenpwned.com (external link)

We also recommend raising this spike in reports with your clients and checking if they have received any suspicious messages. You can report any incident or suspected attack to us.

Report it (external link)

Information reported is confidential and will not be shared with other agencies such as the police without consent.

You can find out more about how attackers gain access to your accounts and how you can prevent these attacks on our website.

Protect your business against email compromise