Cyber attacks don’t discriminate as one Australian lawyer discovered.
As a legal professional, sending and receiving documents via email is common practice, and many of these emails contain confidential information such as case notes, invoices, and meeting notes.
So, when this legal practitioner received an email requesting them to click on a link to access a legal brief via a document-sharing service, they didn’t think there was anything suspicious as it seemed to have come from an administrative employee at an established law firm with whom the lawyer regularly did business.
The link in the email prompted the lawyer to put in a password and user ID and as the link went to a Microsoft login page that looked like the real thing, they did without any hesitation.
Within 20 minutes, the lawyer had received dozens of text messages, phone calls, emails, and even a LinkedIn message from people advising of a possible cyber breach.
The hackers had unleashed a virus that within minutes had taken control of the legal firm’s Outlook email. The firm later learnt that one person who received the malicious email from the hacked account had become a victim as well and had to pay an expert to get back into their own system (and change hard drives).