How to Guard Against Impersonation Phishing Attacks
Privacy, Cyber & AI Decoded Alert
Feb 12, 2019
Risk Management Question
What is an impersonation attack and what steps should you take to protect yourself and your firm?
The Issue
An impersonation attack is a type of phishing scheme where a hacker creates an email that appears to come from someone at your firm, usually a person in a leadership role such as a managing partner or a practice group leader. Many firms implement an email gateway which automatically flags emails that originate from outside the firm. In response, hackers will send an email from a personal, non-firm email account, like: managingpartnerprivate@gmail.com. While the email address is clearly suspicious, many hackers set the display name in the email header so that an attorney's name appears alongside that address, such as: John Smith (managingpartnerprivate@gmail.com).
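For firms that want their gateway to catch the display-name trick described above, the following is an added example, not part of the original alert, of a check that flags an external address paired with a leadership name. The firm domain, the protected names and the sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this example: the firm's mail domain and the
# leadership names whose display names the gateway should watch for.
FIRM_DOMAINS = {"examplefirm.com"}
PROTECTED_NAMES = {"john smith", "jane doe"}


def _name_tokens(display_name: str) -> set:
    """Lowercase the display name and split it into alphabetic tokens."""
    return set(re.findall(r"[a-z]+", display_name.lower()))


def classify_sender(raw_message: str) -> str:
    """Return 'firm-domain', 'external' or 'impersonation-suspect'."""
    msg = message_from_string(raw_message)
    display_name, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()

    # A firm-domain From address is not proof of origin; sender
    # authentication (SPF/DKIM/DMARC) is a separate check.
    if domain in FIRM_DOMAINS:
        return "firm-domain"

    # External address: flag it if the display name carries every token
    # of a protected name, in any order ("Smith, John" also matches).
    tokens = _name_tokens(display_name)
    for name in PROTECTED_NAMES:
        if set(name.split()) <= tokens:
            return "impersonation-suspect"
    return "external"


# Constructed sample messages (not real mail).
SAMPLES = [
    "From: John Smith <managingpartnerprivate@gmail.com>\nSubject: Urgent\n\nAre you free?",
    "From: John Smith <jsmith@examplefirm.com>\nSubject: Agenda\n\nSee attached.",
    "From: Acme Billing <billing@vendor.example>\nSubject: Invoice\n\nThanks.",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify_sender(raw), "<-", raw.splitlines()[0])
```

A message classified as impersonation-suspect would be a candidate for a stronger warning banner or quarantine than the generic external-sender flag.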
Risk Management Solution
You should be highly suspicious of any email that purports to come from the personal email account of an employee of your firm—especially someone senior. Take the following steps when handling such an email:
- Do not respond to the email without confirming the email is actually from the purported sender and not from a fraudster. Try using the telephone, but don't call the phone number in the email, because you could be calling the hacker.
- Similarly, don't try to confirm the identity of the sender by hitting the reply button, because you could be communicating with the hacker. Instead, find another way to communicate, such as the person's official firm email address.
- Never click on a link or an attachment in an email from someone you don't know. You should also never click on any link or attachment you were not expecting to receive—even if it's from a known sender—because it may be from a hacker impersonating the person you know.
By implementing security precautions, you can avoid big and expensive problems. Remember, think before you click.