Last month, we wrote an extensive blog about the many different emails hackers are sending that resemble messages from Microsoft or a Microsoft product like OneDrive, SharePoint, Outlook, etc. If you haven’t done so already, you should read the blog here now.
We’re bringing the topic up again because four of our law firm clients have been hacked in the past month. The attacks stemmed from emails like those we discussed (and displayed, so you could easily identify one the next time you receive one). Law firms need to know these attacks are getting more sophisticated!
Today, the Harbinger team got emails that were well-written (no spelling or punctuation mistakes), appeared to come from OneDrive, contained both the Microsoft and OneDrive logos, and included the Microsoft corporate address. How did we know not to click on it? Microsoft does not send these out to individuals who are not Administrators.
We urge law firms – our clients and non-clients alike – to have every employee of your firm read both our blogs on this topic. Employees must be trained and retrained on current threats that hackers are employing to gain access to your firm’s vital and sensitive information. Employees must assume emails that make any claim are an attempted hack until proven otherwise. Encourage all employees to contact IT for help in determining a spoof versus a legitimate email claim.
Cyber attacks can bring work at your firm to a grinding halt until the breach is resolved, causing untold loss of productivity and client billings. They also put sensitive client information at serious risk, which can cause irreparable damage to your firm’s reputation. Don’t let these email spoofs gain traction in your firm!