Another Reason Not to Use Email for Confidential Communication

In a scheme called “spear phishing,” hackers are targeting small law firms that handle real estate transactions in order to steal client funds. The hackers sneak into the lawyer’s email accounts and monitor the emails between the lawyers, clients, and closing or title agents. When the day for closing comes, the hackers use the lawyer’s email account to send their clients an email with instructions to wire funds to a bank account that (surprise!) has nothing to do with the actual transaction. Hackers have stolen tens of thousands to even hundreds of thousands of dollars using this scam.

Running a law firm often means you have two, um, back ends to cover – yours and your client’s. In addition to using basic information security tools like two-factor authentication and email encryption, make sure you give your clients very specific instructions about the way transactions will be handled, and that any changes to those instructions must be confirmed over the phone or by another method external from email.

Small firm and solo lawyers must be technically competent beyond simply knowing how to format documents in Microsoft Word. If you are not at least worried about your data being hacked, you are arguably not meeting your duty of technological competency, at least in states that have adopted one.

Featured image: “hacker doing cyber crime stealing credit card data” from Shutterstock.

Leave a Reply