Beware: Don’t Open That Email From L@tham

Increasingly, fraudsters are using (or least attempting to use) the good name of Biglaw firms in order to perpetrate their crimes. According to the British Solicitors Regulation Authority (SRA) Scam Alerts database, scams using law firm names has increased 180% in three years.

As reported by American Lawyer, the names of Biglaw firms are getting dragged in the process:

Milbank’s name was misused in phone calls earlier this year by fraudsters posing as insurance agents linked to the firm, according to the SRA Scam Alerts. Dechert’s brand was used on fake WhatsApp numbers, email addresses, a fraudulent website, and a forged agreement falsely signed by a real partner. And Latham’s name has cropped up in three email scams where the names of real partners were falsely cited to demand overdue payments, the SRA site shows.

Linklaters, Hogan Lovells, and Slaughter and May monikers have all been misused in past years as well, as have Debevoise & Plimpton, Simpson Thacher & Bartlett, Baker McKenzie, and Ropes & Gray.

And it’s not like it’s just a problem across the pond. Matthew R. Baker, Baker Botts’s San Francisco-based privacy and cybersecurity practice group chair says, “We are getting notices and fielding these threats every day. Every single day. Law firms are becoming quite an interesting and unique and ripe target right now and I think it is because we represent a variety of very very big targets, victims, and we have so much incredibly confidential and proprietary information.”

These aren’t the only cybercrimes facing Biglaw.

While law firm scams often involve deceiving people to steal money or information, hackers use their technical skills to break into systems, often to steal, spy, or disrupt. Ransomware cybercriminals lock or encrypt their target’s data, usually with a demand for payment to restore access. Kirkland & Ellis, K&L Gates, and Proskauer Rose have all been targets of a ransomware group known as CL0P. DLA Piper was also hit by a major cyber attack in 2017 that knocked out phones and computers.

In November 2023, legacy firm Allen & Overy was targeted by ransomware group LockBit and the firm was given a deadline to pay a ransom to recover data that the group claimed to have stolen. It is not known if the firm paid the ransom, but one day before the deadline the firm’s name disappeared from the hacker group’s list of organisations it was holding to ransom.

And with the rise of AI, don’t expect the problem to get better. As Baker said, “Artificial intelligence has really given over unique weapons to amateurs and it has allowed amateurs and professionals to weaponize these kinds of TTPs [Tactics, Techniques, and Procedures]. So it has broadened the landscape for who is a threat actor, and then at the same time it has made those TTPs—those types of processes—more varied, more sophisticated, and it has multiplied them.” So even lawyers that don’t care for technology can’t ignore this growing problem.

Kathryn Rubino is a Senior Editor at Above the Law, host of The Jabot podcast, and co-host of Thinking Like A Lawyer. AtL tipsters are the best, so please connect with her. Feel free to email her with any tips, questions, or comments and follow her on Twitter @Kathryn1 or Mastodon @Kathryn1@mastodon.social.

The post Beware: Don’t Open That Email From L@tham appeared first on Above the Law.