How to Guard Against Impersonation Phishing Attacks

February 12, 2019
Cyber Alert

Download a PDF of the Alert

Risk Management Question

What is an impersonation attack and what steps should you take to protect yourself and your firm?

The Issue

An impersonation attack is a type of phishing scheme where a hacker creates an email that appears to come from someone at your firm, usually a person in a leadership role such as a managing partner or a practice group leader. Many firms implement an email gateway which automatically flags emails that originate from outside the firm. In response, hackers will send an email from a personal, non-firm email account, like: While the email address is clearly suspicious, many hackers use an e-mail header that associates an attorney with the particular email address, such as: John Smith (

Risk Management Solution

You should be highly suspicious of any email that purports to come from the personal email account of an employee of your firm—especially someone senior. Take the following steps when handling such an email:

By implementing security precautions, you can avoid big and expensive problems. Remember, think before you click.