Global magic circle law firm Linklaters has been peppered by cyber criminals in 2019, falling foul of scammers using its name in phishing fraud attempts for the third time this year and the second time in a month.
The Solicitors Regulation Authority (SRA) has found that emails were sent in May, March and February, misusing the name of Linklaters LLP.
The email sent in May claims that the firm is providing updated bank details and requests that recipients transfer funds to the new ‘subsidiary bank account’.
Within this particular attack, the cyber criminals have misused Linklaters’ name, address and website.
Linklaters’ official company domain will always use ‘@linklaters.com’. The attackers claimed to be one of the firm’s legal project managers, and the domains they used were extremely close to the legitimate one. The hackers opted for ‘@linkiakers.com’ and ‘@linklalers.com’, making it extremely easy for an unsuspecting employee or client to fall victim to these attacks.
In February, the firm’s domain was also copied with an almost identical email domain of ‘@liinklaters.com’ using an additional ‘i’ to ensure the domain was close enough to the original and difficult to spot. Again, the email was demanding the recipient resend an invoice and ‘inform the exact amount due for payment.’
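The three lookalike domains named above each differ from ‘linklaters.com’ by only one or two characters, which a mail filter can measure even when a reader misses it. The following Python check is an added example, not code from Linklaters or the SRA; the distance threshold and the sample From headers are constructed assumptions.

```python
from email.utils import parseaddr

LEGIT_DOMAIN = "linklaters.com"  # the firm's genuine domain, as stated in the article
MAX_DISTANCE = 2                 # assumed threshold for "close enough to fool a reader"

def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment: insert, delete, substitute, swap adjacent characters."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]

def classify_sender(from_header: str) -> tuple[str, str, int]:
    """Return (domain, verdict, distance) for one From: header value."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("", "unparseable", -1)
    domain = addr.rpartition("@")[2].lower().rstrip(".")
    if domain == LEGIT_DOMAIN:
        # A matching name is not proof of origin; SPF/DKIM/DMARC results decide that.
        return (domain, "exact-match", 0)
    dist = edit_distance(domain, LEGIT_DOMAIN)
    verdict = "lookalike" if dist <= MAX_DISTANCE else "unrelated"
    return (domain, verdict, dist)

# Constructed sample headers: the domains are the ones reported in the article,
# the display names and local parts are invented for illustration.
SAMPLE_HEADERS = [
    '"Legal Project Manager" <pm@linkiakers.com>',
    "Accounts <accounts@linklalers.com>",
    "billing@liinklaters.com",
    "Jane Doe <jane.doe@linklaters.com>",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(classify_sender(header))
```

A sender flagged as a lookalike is a candidate for quarantine or a warning banner, particularly when the message also mentions changed bank details.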
In March, the law firm’s domain was replicated, with emails purporting to come from Linklaters attempting to divert payments for law invoices by claiming the firm had recently changed its bank account details.
Whilst the firm has been extremely transparent about the phishing attempts, creating a page on its website to inform clients and the public of the replicated domains, the sophisticated social engineering, which combines legal vocabulary with a very similar email domain, could easily fool even the most cynical, cyber-security-savvy person.
The speed and volume of these emails highlight the determination and persistence of the cyber criminal fraternity. Only a steadfast and committed approach to security and staff training can prevent these emails from succeeding in the future.
According to the UK Finance report ‘Fraud the Facts 2019’, an eclectic range of authorised push payment (APP) frauds carried out via email increased in the UK last year.
Malicious redirection fraud, which includes conveyancing fraud, was only the third most popular type of APP fraud in 2018. However, it represented the greatest overall loss, with £123.7 million being stolen in the UK last year and only £34 million being returned.
Across the 7,544 malicious redirection scams completed, over 9,000 payments were made, with an average individual loss of £20,750. These statistics highlight the importance of ensuring the people you are communicating with are legitimate.
The use of spoofing software and the compromise of company email communication was also a lucrative business for cyber criminals last year. The 603 reported cases yielded a return of £14.8 million. When client data and business reputation have never been so important, failing to protect your domain by using DMARC technologies could be extremely detrimental to your firm or business.
Impersonation fraud using fake domain websites and email addresses very close to the legitimate source also increased with £92.7 million being stolen through these means. Almost 11,000 (10,924) individuals and businesses, like Linklaters, were affected by impersonation fraud in 2018.
A Linklaters press release commented:
“We wish to inform the public that Linklaters LLP has no involvement with these emails. Members of the public are advised not to respond to any request to provide personal or confidential information in these scam emails.”
When law firms are becoming so vulnerable to cyber criminals spoofing their domain and business identity, it is vital that all stakeholders and employees within the business are aware of the warning signs in order to prevent these figures from increasing in the future.
Is your business protected from cyber criminality? Are you concerned by the increases in APP fraud? Has your law firm been spoofed and exploited in a similar way to Linklaters?