Ransomware is a form of malware whereby an attacker blocks access to your systems and/or threatens to publish your information unless you pay a ransom (hence the name).

The malware is normally downloaded when someone opens a corrupt attachment to an email, or clicks on a hijacked hyperlink contained within an email or on a website.

Ransomware can often spread across the network, infecting other machines, including servers.

Precautions for this type of attack

An important precaution is training for staff in recognising suspicious emails and attachments, and not opening unsafe websites. The IT infrastructure (anti-virus scans, firewalls, etc.) needs to be up-to-date, while daily backups and regularly ensuring that these backup procedures are working appropriately will mitigate the effects of a ransomware attack.

Phishing emails are malicious emails, which prompt the reader into providing confidential information by looking like a genuine email. Irish solicitors may be targeted as they wield the log in credentials for their office and client accounts.

1. Request for Direct Response: This email asks the recipient to update their log in credentials to their bank account. The internet website may look similar to the one used by the recipient. When seemingly updating the credentials, the recipient has in fact provided their confidential log in to their bank account, thus facilitating a fraudulent withdrawal from the account.
2. Hijack of the genuine website: This phish will prompt the recipient into opening a corrupt attachment, which in turn corrupts the hyperlink to the website of a genuine financial institution. When opening that hyperlink, the recipient is unknowingly redirected to a fraudulent, almost identical copy of the website. The recipient would then in fact provide the attackers with the confidential log in details for their bank account, facilitating a fraudulent withdrawal. Some of these attacks are so sophisticated that they can be combined with a corrupt “helpline”, where the target is convinved to provide card reader pin codes over the phone to facilitate "unlocking" the account when they are in fact unwittingly authorising the withdrawal.

Precautions for this type of attack

• Train your staff to identify and not open suspicious emails.
• Remember that financial institutions will never send you an email asking you to provide any of your personal banking details.
• Be vigilant about spotting fake websites purporting to be of financial institutions.
• When calling financial institutions, do not use the number displayed on your screen, as your computer may be infected. Use an alternative way - for example, you may have downloaded your bank’s mobile app to your phone, which will connect you to Customer Services.
• Your IT systems should be up-to-date.

Email spoofing is the creation of email messages with a forged sender address so that the email appears to come from a trusted source.

This type of fraud originates with a phishing email which contains an infected attachment. This malware provides access to the system. The purpose of gaining such access is often to watch and investigate the internal email traffic in the solicitor’s practice. This secret access may be ongoing for many months.

Once they have insider knowledge, the attackers can forge an email, which reads like a genuine internal payment request; this email may even quote correct client references or file numbers.

Alternatively, email correspondence with an external third party may be intercepted, and respective bank details amended. Some malicious emails use Law Society or other solicitor logos to make their emails look more genuine (Cyber Security Alert, March 2022).

As a result, the money will be transferred to the fraudulent account and subsequently dissipated prior to the fraud being identified, making it very difficult to recover the money.

Precautions for this type of attack

• Be sceptical of any attachments received in an email, particularly from an unknown source. If in doubt, do not open the attachment.
• Be sceptical of unexpected instructions in relation to the transfer of funds, for example to foreign bank accounts. An email to say that a bank account has changed can be a red flag.
• Many solicitors have now adopted a two-check system, whereby they make a telephone call to verify the bank account details. Further and detailed guidance can be found in Spear Phishing – the latest threat.
• Your IT systems should be up-to-date.

• December 2023 Gazette - 'The phantom menace'

• November 2023 Gazette - ‘Equality of arms’

• October 2023 Gazette - ‘Head in the sand’

• Aug/Sept 2023 Gazette - ‘Potential threats’

• July 2023 Gazette - ‘Stress test’

• Aug/Sept 2023 Gazette - ‘Safe haven’ 

• June 2023 Gazette - ‘Attack mode’

• March 2021 Gazette – Tangled webs – managing risk in an upside-down world

• April 2020 Gazette – Return of the Cybermen

• April 2019 Gazette – Away in a hack

• Jan/Feb 2017 Gazette - Rise of the Cybermen

• June 2016 Gazette - Surviving a Crypto-Virus Attack

• July 2015 Gazette - Fraud (email intercepted by fraudsters)

• May 2015 Gazette - Revenge of the Cybermen