964 (94%) global IT decision makers from a survey size of 1,025 have found impersonation phishing attacks have had a severe impact on their business; losing money, data and subsequently customers to cyber criminals in 2019.
According to the State of Email Security Report, completed by Mimecast, 55% of respondents have also noted a steep increase in these attacks in the past year.
Impersonation phishing has enjoyed the greatest rise in the past year as cyber criminals use more convincing social engineering methods to scam businesses and their customers.
This type of fraud increased by 67% with 73% of businesses, or 748 of the 1,025 strong respondent list experiencing some form of loss through impersonation phishing.
216 respondents had experienced financial losses because of persistent impersonation phishing attempts. In some cases, this was due to money being lost by cyber criminals. However, respondents were keen to point out that some losses were a direct result of declining business due to reputational damage.
In fact, 209 respondents believe they have lost customers because of impersonation phishing as more clients look to use other firms perceived to be more secure.
Worryingly, the sophistication of social engineering is convincing too many customers and employees to part with sensitive and vital information. The survey found that almost half (40%) of respondents that found an increase in impersonation phishing had fallen foul of the cyber criminals by losing data.
The legal sector, more than any other, is at huge risk of financial and reputational losses at the hands of impersonation phishing.
In the past three months, the Solicitors Regulation Authority (SRA) have been formally warning the public and law firms on an almost daily basis about new and emerging threats. Out of the 92 days between March and May, the SRA has issued 86 separate scam alerts.
In May, 30 alerts were placed on the SRA’s website, adding to the 27 warnings from April and 29 fraud threats in March.
As cyber criminals look to cash in on a usually lively Spring property market, an email address and website have been spoofed using the name of a genuine firm and solicitor.
A fake website was set up pertaining to be genuine law firm, ABK Solicitors. The authentic looking website even uses the genuine SRA ID for the law firm. The research and detail put into both the email and website were particularly alarming with the fraudsters also populating the ‘attorneys’ section of the website with some genuine solicitors. However, the partner and associates, Clara Browne, Debbie Larsen and Barry Miles, are not authorised or registered by the SRA.
The email claiming to come from Barkat Khan, who actually works for ABK Solicitors, uses a declarative and convincing set of payment instructions directing the recipients to pay £1,500 in order to prepare for execution on an investment deal.
When fraudulent emails and websites are spoofed to such a high standard that it becomes difficult to separate the genuine from the fake, it is imperative that law firms prepare their cyber defences and secure themselves better in the future.
Josh Douglas, Vice President of Threat Intelligence at Mimecast, commented:
“Email security systems are the front-line defense for most of attacks. Yet just having and providing data on these attacks is not what creates value for most respondents.
“Survey results indicate that vendors need to be able to provide actionable intelligence out of the mass of data they collect and not just focus on indicators of compromise which would only address past problems.”
Is your law firm protected from the increasing sophistication of impersonation phishing? Is your firm or clients targeted via this form of scam?