Legal firms targeted in email scam
In one instance, it almost cost an individual €47,000 until a bank stepped in to query a money transfer, and the transaction was stopped.
A solicitor, who asked not to be named, said his firm undertook a full review of its IT security systems after being targeted by the scam last week.
He said he became aware yesterday that at least two more firms have been targeted by what he described as a “complex and sophisticated” cyber attack.
Emails are being sent from individuals in one legal firm to people in their contacts list, requesting them to click on an attachment, which in turn requests the payment of an invoice or the transfer of certain funds to certain accounts.
The solicitor said the emails look legitimate.
However, this scam can intercept emails querying the first request, and assures the target that the transfer request is genuine.
The solicitor said he knows of at least one individual who queried, by email, the validity of the initial request, accepted the email assurance it was genuine, transferred funds, and was about to transfer €47,000 until his bank stepped in and stopped it.
Cybersecurity expert Anthony O’Mara, the vice-president of Malwarebytes EMEA, said this type of cyber attack is “pretty rampant” around the world right now.
“This kind of incident highlights the need for online vigilance,” he said.
“Where do we keep our valuables today? Online. We have to have same vigilance for what we keep online as we do for what we keep at home.
“People should update their operating systems and install anti-malware products on their systems which can spot these attacks and lock down the systems.”
He described this particular incident as a social engineering scam, whereby scammers can copy and mirror legitimate email addresses and send fraudulent emails to various targets.
He said the criminals behind such scams can also combine it with malicious code which can be injected into the targeted IT system.
