Legal firm counts the cost of cyber attack

Even with in-depth knowledge, businesses can fall victim to cyber breaches, as one legal firm discovered.

28 February 2022 

Cyber attacks don’t discriminate, as one Australian lawyer discovered.

As a legal professional, sending and receiving documents via email is common practice, and many of these emails contain confidential information such as case notes, invoices, and meeting notes.

So, when this legal practitioner received an email asking them to click a link to access a legal brief via a document-sharing service, nothing seemed suspicious: the email appeared to come from an administrative employee at an established law firm with whom the lawyer regularly did business.

The link prompted the lawyer to enter a user ID and password, and because it led to a Microsoft login page that looked like the real thing, they did so without hesitation.

Within 20 minutes, the lawyer had received dozens of text messages, phone calls, emails, and even a LinkedIn message from people advising of a possible cyber breach.

The hackers had unleashed a virus that within minutes had taken control of the legal firm’s Outlook email. The firm later learnt that one person who received the malicious email from the hacked account had become a victim as well and had to pay an expert to get back into their own system (and change hard drives).



The Australian Government said email scams like this cost businesses more than $128 million in 2020.

The Australian Competition and Consumer Commission, as well as other regulators including Scamwatch and ReportCyber, banks and payment platforms, received a combined total of more than 444,164 reports, with reported losses of more than $850 million in 2020.

Scam losses reported by businesses increased by 260% in 2020, to $18 million from $5 million in 2019. 

Businesses made the most reports about false billing and phishing scams. These scams typically involve a request for payment for a service or item that wasn’t ordered, or a scammer diverting money by impersonating the intended recipient of a payment.

Be cyber safe

To help keep your business cyber safe, you should prioritise upgrading your devices and software, install anti-malware, regularly patch your operating systems, run backups and train your employees. Having the knowledge to differentiate between safe and malicious emails can make all the difference. 

