Phishing scam leveled at law firms shows email’s vulnerabilities

Phishing scams have become a major problem for organizations in just about every industry. Gaining information through deception and lies certainly isn't new, but doing so behind the facade of a legitimate-looking email address has become a frighteningly effective means of gathering information. While many hackers use phishing to eventually gain access to lucrative company data, one cybercriminal has taken this scheme to the next level.

Oleras, a Russian hacker who appears to be operating within Ukraine, has been recruiting other hackers in a grand plot to infiltrate multiple law firms. One of the ways Oleras is doing this is by taking advantage of email’s vulnerabilities and using targeted phishing attacks aimed at important figures in each organization.

"The hacker planned on making much more than $1 million."

What were the hacker's intentions?

It would seem that Oleras wasn't attempting to make money off of each institution's data itself. Rather, he was looking for information about mergers and acquisitions, according to Crain's Chicago Business contributor Claire Bushey. Apparently, the hacker intended to participate in insider trading by gathering intelligence about which companies would soon be bought out.

The phishing portion of this plan involved deceiving important lawyers at each firm by making them think they were to become the subject of an article for a trade journal about their previous experiences in mergers and acquisitions. The hacker would then most likely use the data gathered during an interview to access accounts held by the lawyer, thereby gaining important information he could then use to manipulate the stock market. 

What's more, Oleras wasn't just looking to make some extra pocket change out of this deal. The cybercriminal worked on recruiting experienced black hat hackers to handle the more complicated cybersecurity portions of his plan, promising them a 50 percent cut of all the money made after $1 million. This means Oleras planned on making much more than $1 million, showing just how big this law firm scam actually is. 

Companies just aren't prepared for these kinds of scams

Although no data seems to have been leaked yet, this incident shows that hackers rely heavily on phishing in order to complete their nefarious plots. The main problem with this is that companies are nowhere near prepared to handle this threat. Chris Hadnagy, CEO of consulting company Social-Engineer, stated that fewer than 10 percent of companies actually train their employees about phishing. 

Considering how few people are trained to spot these kinds of scams, it's no wonder that hackers love to use them. In addition, cybercriminals know that phishing is just a numbers game. Even if 99 percent of a company's workforce knows about phishing – which Hadnagy has shown they don't – a hacker can just send out a massive number of emails to find the 1 percent who don't.

Hackers play the numbers game when they go phishing. All a hacker needs is for a single employee to take a bite.

FoIP can help

This is yet another example of why email simply isn't as secure as other modes of communication. Hackers know how to exploit email to their advantage, which is why relying on it for important documents can be a dangerous move. This is why so many companies have turned to Fax over IP for their private document transfer needs. 

Much like legacy fax systems, FoIP solutions aren't generally targeted by hackers looking to utilize a phishing attack. However, unlike older fax machines, FoIP offers a level of convenience similar to that of email. It's all the speed of email without the ever-present danger of becoming the victim of phishing, a winning combo for multiple industries.

Enhance enterprise communication, collaboration and compliance efforts with a proven FoIP solution from FaxCore. Contact FaxCore today to learn more about their 'Partly-Cloudy' fax solutions.