Cybersecurity


Four U.S. firms are among a group of legal practices that have been targeted by scammers since the start of the coronavirus crisis. 

Shearman & Sterling; Debevoise & Plimpton; Morgan, Lewis & Bockius; and Latham & Watkins have all been subject to a range of scamming attempts, according to information published on the U.K. Solicitors Regulation Authority (SRA) website. 

Other firms such as CMS, Blake Morgan and Winckworth Sherwood have also been targeted by fraudsters. In total, 23 separate scam attempts have been recorded by the SRA since the start of the U.K.'s coronavirus lockdown March 23. 

One scam involved a fake website for the U.S. firm Morgan Lewis. The false website domain was under the name of "Morgan & Bockius" and contained lawyer profiles from another U.K. regional law firm, Anthony Collins.

Content including news posts, blogs, awards and biographies was lifted from the Anthony Collins websites, as well as partner telephone details. However, email addresses were redirected to "@morganbockius.com."

The SRA confirmed that it did not regulate a firm called "Morgan & Bockius," and that both Morgan Lewis and Anthony Collins confirmed no connection to it themselves.

According to a cybersecurity partner at a U.K. firm, the scale of coronavirus-related phishing across multiple business sectors has been very significant.

"From an individual point of view, people have switched over to a different environment and a different way of working—and so might be more vulnerable to an email phishing scam," he explained.

Another corporate partner at a U.K. firm said a number of suspicious emails had been received by the firm in which the sender offered money or compensation due to the pandemic.

According to Britt Endemann, head of data governance at compliance consultancy firm Forensic Risk Alliance, the risk of cybercrime has been exacerbated by the pandemic.

"Issues of connectivity and security are much more heightened in the time of the coronavirus," he said. "Corporates have been forced to move their workforce online and quickly adapt operations to a new remote landscape of virtual collaboration and remote work sites, which heighten exposure to cyber threats, regulatory compliance scrutiny and other significant enterprise risks."

The website for 'Morgan Bockius,' which the SRA has alerted as a scam.

The majority of scamming attempts were email impersonation frauds, where cybercriminals pretend to be a lawyer or someone acting on behalf of the firm in order to divert payments from clients. 

One phishing scam targeting CMS also involved telephone impersonation, where scammers pretended to be a partner in the firm's corporate department.

Blake Morgan was another firm subject to website impersonation in April, according to the firm.

"Sadly, website cloning has become increasingly common across the legal sector in the last few years as fraudsters have become more sophisticated and gained in confidence," a spokesperson for the firm said.

"In April this year, we were made aware of a false website put up in our name and took immediate action to notify the SRA and put a warning notice on our website. No client of ours has been affected by the scam, and if anyone does receive any communication from the site, we ask they report it to Action Fraud."

Earlier this month, a report by a cybersecurity firm found that detailed and potentially sensitive information from 190 law firms was left "exposed" on an open database platform.


|

Read more

Data From Hundreds of Law Firms Left 'Exposed' On Open Platform