Cynch Security


Legal brief causes an email explosion

Lawyers receive and send emails and documents constantly throughout the day. These could contain evidence for a case, invoices, meeting notes, or any number of other things. A lot of these exchanges often contain sensitive information.

A little while ago Rachael (not her real name) received an email with a link to access a legal brief via a document sharing service. Rachael is a smart, tech-savvy lawyer and sole trader in her own practice. Peter (not his real name either), an administrative employee at another established firm, had sent the email. It looked legitimate and consistent with other briefs sent to Rachael in the past.

Cyber criminals will often use pages that look like legitimate services to trick you into giving away your password.

The link in the email took Rachael to a fake Microsoft login page that also looked 100% legitimate and prompted her to put in her user ID and password. She frequently has to enter passwords to access different document management services, but she had not heard of this particular one, so she acted carefully. Googling the document management service showed it as a ‘document exchange service’. She scanned the results and checked for other entries that showed it was a scam or dangerous. Figuring there was nothing out of the ordinary, Rachael entered her username and password and then moved on to other work duties.

That moment of dread we all want to avoid.

Returning to her desk 20 minutes later Rachael discovered dozens of messages, missed calls, emails and even a LinkedIn message saying “I think you've been hacked”. Her heart sank when she realised what had happened.

Within minutes, the virus had taken control of her Outlook email and sent an email to every single person in her inbox. This included anyone who had been in ‘To’ or ‘CC’ on any email. All her clients and even complete strangers who had received group emails or newsletters had received a message from her.

The message wasn't consistent with Rachael’s writing style, causing some recipients to treat it as suspicious and contact her. Others called her to check why she'd shared a document via a link, something she hadn’t done before. Thankfully, many of the email systems her friends and clients used managed to detect the malicious email and blocked it before it could cause harm.

The attacker was pretty sophisticated though, and had set up a mailbox rule that caught anyone asking whether her document-sharing link was genuine. The rule would immediately reply saying it was legitimate and to give it another go. Rachael didn’t know this was happening until someone told her and she found a bunch of these replies in her Outlook "sent" folder.
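An auto-reply rule of this kind is a recognisable account-takeover pattern, and reviewing a mailbox's inbox rules is one of the first checks a defender makes after a credential phish. The script below is an added example, not part of the Cynch article or any product of theirs: it triages a set of inbox rules for the tradecraft described above (auto-replying to "is this legit?" questions, hiding those questions in an unwatched folder, forwarding mail externally, blank rule names). The rule records, field names and addresses are constructed assumptions in a simplified format, not a real Outlook or Exchange export; in practice the records would be loaded from the mailbox itself.

```python
"""Triage a mailbox's inbox rules for patterns typical of account takeover.

Added example, not from the article. The rule format below is a constructed
simplification (an assumption), loosely modelled on the attributes an inbox
rule exposes; it is not a real export format.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# Words an attacker's rule typically matches on: the questions victims ask
# ("is this legit?") and the words security teams use in warnings.
SUSPICIOUS_KEYWORDS = {"legit", "genuine", "real", "hacked", "phish", "scam",
                       "virus", "spam", "password", "link", "suspicious"}

# Folders where a moved message is unlikely to be noticed by the owner.
HIDING_FOLDERS = {"deleted items", "rss feeds", "rss subscriptions", "archive",
                  "junk email", "conversation history"}


@dataclass
class InboxRule:
    """Simplified inbox rule record (constructed format, an assumption)."""
    name: str
    enabled: bool = True
    subject_or_body_contains: list[str] = field(default_factory=list)
    from_contains: list[str] = field(default_factory=list)
    move_to_folder: str | None = None
    delete_message: bool = False
    forward_to: list[str] = field(default_factory=list)
    reply_with_text: str | None = None  # "reply using a template" style action
    mark_as_read: bool = False


def findings_for(rule: InboxRule, own_domain: str) -> list[str]:
    """Return the reasons a rule looks like attacker tradecraft (empty if benign)."""
    if not rule.enabled:
        return []
    reasons: list[str] = []
    keyword_hits = sorted({w for w in rule.subject_or_body_contains
                           if any(k in w.lower() for k in SUSPICIOUS_KEYWORDS)})
    hides = rule.delete_message or (
        rule.move_to_folder is not None
        and rule.move_to_folder.lower() in HIDING_FOLDERS)
    external = [a for a in rule.forward_to
                if not a.lower().endswith("@" + own_domain.lower())]
    unconditional = not rule.subject_or_body_contains and not rule.from_contains

    if rule.reply_with_text and keyword_hits:
        reasons.append("auto-replies to messages questioning legitimacy "
                       f"(matches {keyword_hits})")
    if hides and keyword_hits:
        reasons.append(f"hides incoming messages that mention {keyword_hits} "
                       f"(deleted or moved to '{rule.move_to_folder}')")
    if hides and unconditional:
        reasons.append("deletes or hides all incoming mail without any condition")
    if external:
        reasons.append(f"forwards mail to external address(es) {external}")
    if len(rule.name.strip()) <= 2:
        reasons.append(f"blank or near-blank rule name {rule.name!r}")
    return reasons


def triage(rules: list[InboxRule], own_domain: str) -> dict[str, list[str]]:
    """Map each suspicious rule name to its findings; benign rules are omitted."""
    return {r.name: f for r in rules if (f := findings_for(r, own_domain))}


# Constructed sample: what a rules export might look like after an incident of
# the kind described above. Rule names, folders and addresses are invented.
SAMPLE_RULES = [
    InboxRule(name="legit",
              subject_or_body_contains=["legit", "genuine", "real", "hacked"],
              reply_with_text="Yes, this is a genuine document from me. "
                              "Please try the link again.",
              move_to_folder="RSS Feeds", mark_as_read=True),
    InboxRule(name="Court notices", from_contains=["courts.example"],
              move_to_folder="Courts"),
    InboxRule(name=".", forward_to=["backup.mailbox@example.net"]),
    InboxRule(name="old test rule", enabled=False, delete_message=True),
]

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_RULES, "rachael-law.example").items():
        print(f"[!] rule {name!r}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the constructed sample, the auto-reply rule and the externally forwarding rule are flagged while the ordinary "Court notices" rule and the disabled rule are not. The heuristics are deliberately conservative (keyword matches plus a hiding or reply action, or an external forward) so that routine filing rules do not drown out the ones worth a human look.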

Rachel later learned that one person who received the malicious email from her hacked account had become a victim as well. They had to pay an expert to get back into their own system and change hard drives. Peter's firm also had to pay a significant ransom to get back into their computer system.

What’s ransomware?

Ransomware is a type of malicious software that cyber criminals use to block you from accessing your data. The digital extortionists encrypt the files on your system with a mathematical key known only to them, effectively locking you out until the demanded ransom is paid.

Increase in cyber related claims from LPLC members

Unfortunately, this type of case isn’t rare. Last year, Australians lost $231 million to ransomware, and these are just the cases reported. Lawyers are often targeted due to the nature of what they do and the type of sensitive information they exchange with clients. The Legal Practitioners Liability Committee (LPLC) often sends bulletins to its members to warn them about the increase in this type of activity.

Cybercriminals research the businesses they target and have tools to make scam emails look legitimate. We find victims are often embarrassed when something like this happens and would rather pay money to make the issue go away.

Rachael was lucky. As soon as her friends alerted her to the problem, she was able to change her passwords from another device. She worked with her anti-virus company to clean things up, turned everything off, had her PC re-built, and enabled multi-factor authentication (MFA) as a preventative measure for the future.

After experiencing an incident first hand, Rachael realised this can happen to anyone. Even though she was embarrassed by what happened, she wanted to do something about this. She's shared to help others realise incidents are real and can happen to anyone.

We highly commend Rachael for telling her story, so others can be aware that it can happen to anyone.

Rachael has since signed up to Cynch to learn more about how to better manage her cyber risk.

Start protecting your business from these threats and much more today with our Cyber Boot Camp program.

What should you do if you’ve fallen victim to a ransomware attack?

If your business has experienced a cyber incident we recommend reporting it to the ACSC. This can help prevent others from becoming a victim as well.

If you've been a victim of ransomware, the No Ransom Project has a stack of advice to help you respond.

The ACSC and IDCARE also have some great general advice on how to protect yourself from these types of attacks.