Social Engineering Fraud

March 14, 2018
Cyber Alert

Risk Management Question: How can lawyers identify and avoid increasingly common social engineering scams?

The Issue: The FBI reports that social engineering scams have resulted in over $5 billion lost over a recent 36-month period. Social engineering involves a variety of deceptive schemes and techniques that fraudsters use to trick a victim into taking actions that can range from providing information to clicking on links or attachments to transferring funds. Social engineering exploits can involve phone calls, emails, text messages or any combination thereof. Many of these exploits are based on publicly available information from a law firm's website or from the social media activity of a lawyer or a family member. They often begin with a seemingly innocent phone call.

Within the last couple of weeks, a number of law firms that share threat information reported an increased number of social engineering, phishing-type phone calls seeking information. Last week, one of the lawyers in Hinshaw's New York office received such a call from a person, supposedly in New Jersey, who claimed that he was being scammed. The caller was given our lawyer's name and told to send our lawyer $4000. This is an example of how scammers will try to take advantage of our natural instinct to help — and to take on new work. Another common social engineering scam involves a call from a person posing as an IT help desk worker asking for information in order to update software or fix a computer problem.

Anyone could be targeted. The questions asked may seem harmless, but there is a reason for those questions. Social engineers will go to great lengths to gain access to information or data that they can exploit, including personal information, passwords, account numbers, phone numbers or phone lists, and information about your computer or your network. The information you provide may help them take the next step in their social engineering scheme. Do not underestimate the risk of engaging on the phone with a person you don't know.

Risk Management Solutions:

Microsoft has reported that the number of social engineering exploits now exceeds the number of attacks based on software vulnerabilities. Take this risk seriously.

Remember, let's be careful out there.
