In an era of remote work, law firms continue to see a spate of data breaches and cybersecurity attacks. Recovering from a cyberattack often involves a significant investment of time and resources. Plus, after a breach, attorneys may find themselves unable to access firm technology and unable to log hours. As cybercriminals continue finding new ways to obtain personal data, lawyers must remain on high alert.
Phishing emails, which have been around since the 90s, are emails sent by bad actors trying to convince recipients to give up important personal information to a website disguised as a legitimate source. In the growing world of cyber scams comes smishing, the term given to SMS-phishing attacks. As with phishing emails, smishing text messages attempt to convince recipients to input bank credentials, social security numbers, or website/login credentials, which they can then use to steal data or money. Cybercriminals also frequently target companies by tricking employees into downloading malware onto their work devices.
Additionally, as attorneys and firm staff continue to work from home, personal devices, including cell phones, are being used for work tasks. The data crossover this creates can put sensitive information at risk if precautions are not taken. Private data’s biggest risk factor is accidental human error. Attorneys or staff may mistakenly give up credentials to a person or site that’s illegitimate.
Whether you carry an iPhone or Android, your phone has likely been pinged with a smishing text in the last year. Common smishing messages include texts saying you’ve been chosen to receive a gift card from Amazon or another well-known merchant, texts claiming to be from a financial institution asking you to update account information, or one of the latest schemes: the package text. As more people shop online, cybercriminals are increasingly sending text messages claiming to be from a package delivery service with a tracking number and link to confirm delivery. Some links may take you to a fake site offering a “free” reward and ask for credit card details for shipping. These are especially convincing if you have a package in transit.
Smishing Red Flags
The success of smishing scams is completely dependent on fooling recipients. The best way to avoid falling prey to smishing messages is to be aware of the tell-tale signs. These include:
Unexpected requests: Requests asking for money, like for the delivery of a package, and messages asking for personal or financial information should always be vetted. Legitimate businesses and services will not ask for this kind of information via text.
Grammatical Errors: Smishing texts frequently include grammatical errors and misspellings. Excessive use of capitalization, exclamation points or emojis are signs the message may be fraudulent. It’s also important to pay attention to web address links and email domains. To make fictitious sites and people appear real, cybercriminals create domains with slight alterations to company names. For example, FedEx may appear in a smishing text as “fedx.com” or “fed-ex.com.”
Unusual sense of urgency: Smishing texts may ask you to do something important immediately or as soon as possible, instilling urgency that can lead to rash decisions. The message may say that your account will be suspended if you do not login and update your info now.
What to do if you receive a smishing message
If you receive a smishing message, do not click links or respond. Block the number and report it as spam to the Federal Trade Commission. If you aren’t sure whether the message is legitimate, contact the verified sender separately to confirm.
Law firms should hold regular trainings on smishing detection and avoidance to ensure that attorneys and staff are aware of threats. Staying up to date on cybercrime trends is the best way to avoid putting sensitive data at risk. For more information on how to protect your firm’s data, contact us.
Thom Haupt is the Director of IT at LOGICFORCE. Thom focuses on system design, network architecture and the adoption of new technologies and systems. He also specializes in improving cross-functional connectivity between departments at LOGICFORCE.