Email Hijacking: A Critical Threat to Law Firms

As more law firms abandon their in-house email servers in favour of cloud-based email services, cyber criminals have taken note. Law firms now face a graver threat than ever from hackers whose stealth and patience can make their activities especially difficult to spot.


Among their most effective tactics is email hijacking: the use by criminals of an unsuspecting account holder’s login credentials to access email accounts and monitor their activity.

How do Hackers Benefit from Email Hijacking?

Once they gain access to an account, email hijackers rarely take immediate action. Instead, they monitor the account’s activity, typically searching for details of financial transactions. With enough patience and just a few bits of information, hijackers can divert funds into their own accounts, where they are often lost forever in a whirl of laundering manoeuvres.

Law firms are particularly susceptible to email hijacking operations, since they present such lucrative targets to hackers. Aside from financial transactions, patient hijackers can gather sensitive information about lawyers and their clients, which they can use to directly enrich themselves or hold for ransom.

How Does Email Hijacking Work?

After hijackers gain access to an email account, they often look for quick opportunities among recently transmitted messages. If nothing recommends itself to them, as is usually the case, hijackers typically divert incoming messages before analysing them for signs of opportunity.

Some hijackers forward all incoming email to their own accounts, then examine each message at their leisure. Others take the time to identify promising correspondents—those who mention financial transactions, for instance—and divert their messages to a new folder unknown to the account holder, never allowing them to touch the rightful owner’s inbox. They are then free to impersonate the account holder, and to accelerate their plans to extract money from one or both parties.

Do Law Firms Run Special Risks from Email Hijacking?

In a word, yes. Law firms run the same basic risks as other enterprises that handle financial transactions, and any company can suffer when just one employee’s account is hacked.

But the nature of legal work exposes law firms to additional forms of risk. If it becomes apparent that third parties have gained access to privileged information, the firm may be required to report the breach to the SRA and the ICO, along with the affected clients themselves. Once this information is revealed, it may become public, leading to a severe loss of public trust. At the same time, such revelations may encourage hijackers to charge a ransom for the release of information they have secured, adding to the financial cost of the breach.

How Do Hijackers Choose Their Targets? Am I at Risk of Email Hijacking?

From the perspective of an email hijacker—or any other malicious hacker—no one employee at a law firm is necessarily a riper target than any other. One email account is often all it takes for a hacker to infiltrate the system further, until they have achieved their goal.

Criminal hackers do not choose their targets with much care. Instead, they tend to gather login credentials from various sources—they may purchase stolen login credentials, steal them in phishing campaigns, or run programs that guess common password combinations in the hopes of finding one that works. They then feed those troves of credentials into automated tools that quickly test each set of credentials against a wide range of accounts.

Even if you have chosen your login credentials with care, your accounts have almost certainly been tested many times over.
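The automated credential testing described above leaves a recognisable trace in sign-in logs: one source address failing against many different accounts in a short window, sometimes followed by a single success. The following detector is an added example, not code from the original article; the log format, the IP addresses, the account names and the thresholds are all constructed for illustration and are not taken from any particular mail platform.

```python
"""Flag credential-stuffing patterns in mail sign-in logs.

Added example. The four-column log format below (timestamp, source IP,
account, result) is an assumption made for this illustration; adapt the
parser to whatever your mail platform's audit export actually contains.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log: one source tries six accounts in six
# seconds and finally succeeds against f.lee; a second source is just a
# user mistyping their own password once.
SAMPLE_LOG = """\
2024-03-04T09:00:01Z 203.0.113.7 a.smith@example-law.test FAIL
2024-03-04T09:00:02Z 203.0.113.7 b.jones@example-law.test FAIL
2024-03-04T09:00:03Z 203.0.113.7 c.brown@example-law.test FAIL
2024-03-04T09:00:04Z 203.0.113.7 d.patel@example-law.test FAIL
2024-03-04T09:00:05Z 203.0.113.7 e.khan@example-law.test FAIL
2024-03-04T09:00:06Z 203.0.113.7 f.lee@example-law.test SUCCESS
2024-03-04T09:05:00Z 198.51.100.4 a.smith@example-law.test SUCCESS
2024-03-04T09:06:00Z 198.51.100.4 a.smith@example-law.test FAIL
2024-03-04T09:06:30Z 198.51.100.4 a.smith@example-law.test SUCCESS
"""


def parse_log(text):
    """Turn the constructed log text into (timestamp, ip, account, result) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, ip, account, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, account, result))
    return events


def find_spraying_sources(events, window=timedelta(minutes=10), min_accounts=5):
    """Return {ip: sorted list of accounts} for every source IP whose failed
    sign-ins touched at least `min_accounts` distinct accounts inside any
    `window`-long period. A normal user fails against one account; a
    credential-stuffing tool fails against many."""
    failures_by_ip = defaultdict(list)
    for ts, ip, account, result in events:
        if result == "FAIL":
            failures_by_ip[ip].append((ts, account))

    flagged = {}
    for ip, fails in failures_by_ip.items():
        fails.sort()  # chronological, so a sliding window is a simple slice
        for i, (start, _) in enumerate(fails):
            accounts = {acct for ts, acct in fails[i:] if ts - start <= window}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged


def successes_from_flagged_sources(events, flagged):
    """Accounts that a flagged source eventually signed into successfully:
    these are the mailboxes to treat as potentially under silent observation
    (reset the password, revoke sessions, review rules and access logs)."""
    return sorted({acct for ts, ip, acct, res in events
                   if res == "SUCCESS" and ip in flagged})


if __name__ == "__main__":
    evts = parse_log(SAMPLE_LOG)
    sources = find_spraying_sources(evts)
    for ip, accounts in sources.items():
        print(f"{ip}: failed against {len(accounts)} accounts in one window")
    print("accounts to investigate:", successes_from_flagged_sources(evts, sources))
```

The thresholds (five accounts in ten minutes) are deliberately conservative for a small firm; the point is the shape of the signal, many accounts per source rather than many attempts per account, which is what distinguishes credential stuffing from a forgotten password and is what an alert on the audit log should key on.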

How Do Login Credentials Fall into the Wrong Hands?

Even if you take all possible precautions, your email credentials can still end up on a hijacker’s list. Here are the main sources of compromised login information.

  • Weak passwords, including ones that reflect easily gathered information about you, are easy for seasoned hackers to crack.
  • Re-using passwords is convenient, but each repetition increases your chances of being hacked.
  • Phishing attacks are sometimes surprisingly sophisticated, and all it takes is a moment of weakness to reveal your password.
  • Data breaches can expose not just your password but a good deal of other personal information to the world, or to the highest bidder.

How Can I Protect Myself Against Email Hijackers?

Regardless of whether you suspect that your firm’s email system has been compromised, we recommend a fivefold approach to safeguarding your account against hijackers.

  • Choose a new, strong password, preferably a random one that includes numbers, symbols, and capital letters.
  • Use multi-factor authentication wherever possible—G Suite users should turn on 2-Step Verification, Office 365 users should enable MFA, and so on.
  • Ask your email administrator to review your access logs for suspicious or malicious behaviour. Even if you have been running a fairly tight ship, this can be an eye-opener.
  • Review every forwarding rule assigned to your account. If you use both a dedicated email client and a web interface, you may need to check each platform independently.
  • Configure your systems for increased defence—or ask your network administrators to. This should include enabling audit logs, setting up alerts, and limiting the number of administrators with full access to the system.

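The forwarding and folder rules described earlier in this article are exactly what the rule review in the list above is meant to catch. The script below is an added example, not code from the original article or from any mail vendor: it takes a list of mailbox rules, flags the patterns hijackers rely on (forwarding to an outside domain, forwarding everything unconditionally, moving finance-related mail into a folder the owner never looks at, deleting or pre-reading mail, and rules with blank names), and reports the rest as clean. The rule records and their field names are constructed dicts modelled loosely on what a mailbox-rule export contains; the firm's domain, the sample addresses and the keyword list are all assumptions.

```python
"""Audit mailbox rules for the diversion patterns email hijackers leave behind.

Added example. The rule dicts and field names (conditions / actions /
forward_to / move_to_folder ...) are an assumption for illustration;
map them onto your platform's rule export before use.
"""
import re

OWN_DOMAIN = "example-law.test"  # constructed firm domain

# Words that mark the correspondence hijackers divert for transaction fraud.
FINANCE_TERMS = re.compile(
    r"\b(invoice|payment|wire|bank|transfer|completion|funds)\b", re.IGNORECASE)

# Folders a user rarely opens, so mail moved there is effectively hidden.
HIDDEN_FOLDERS = {"rss feeds", "rss subscriptions", "conversation history",
                  "archive", "junk e-mail", "deleted items"}

# Constructed sample: one legitimate filing rule, three hijacker-style rules,
# and one internal forward that should not be flagged.
SAMPLE_RULES = [
    {"name": "Archive newsletters",
     "conditions": {"from_contains": ["newsletter@"]},
     "actions": {"move_to_folder": "Newsletters"}},
    {"name": ".",
     "conditions": {"subject_contains": ["invoice", "payment"]},
     "actions": {"move_to_folder": "RSS Feeds", "mark_as_read": True}},
    {"name": "Backup",
     "conditions": {},
     "actions": {"forward_to": ["backup.mailbox@mail-provider.example"]}},
    {"name": "Client copy",
     "conditions": {"from_contains": ["client@"]},
     "actions": {"forward_to": ["partner@example-law.test"]}},
    {"name": "Hide bank",
     "conditions": {"body_contains": ["bank details"]},
     "actions": {"delete": True}},
]


def audit_rule(rule, own_domain=OWN_DOMAIN):
    """Return a list of human-readable findings for one rule (empty if clean)."""
    findings = []
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})

    # Any forward or redirect that leaves the firm's domain is a data exit.
    for addr in actions.get("forward_to", []) + actions.get("redirect_to", []):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain != own_domain.lower():
            findings.append(f"forwards to external address {addr}")

    # A forward with no conditions copies every incoming message.
    if ("forward_to" in actions or "redirect_to" in actions) and not conditions:
        findings.append("forwards every incoming message (no conditions)")

    # Moving finance-related mail, or anything into a hidden folder, keeps it
    # out of the inbox where the owner would notice it.
    condition_text = " ".join(v for values in conditions.values() for v in values)
    finance_related = bool(FINANCE_TERMS.search(condition_text))
    folder = actions.get("move_to_folder", "")
    if folder and (folder.lower() in HIDDEN_FOLDERS or finance_related):
        findings.append(f"moves matching mail to '{folder}' away from the inbox")

    if actions.get("delete"):
        findings.append("deletes matching mail")
    if actions.get("mark_as_read"):
        findings.append("marks mail read before the owner sees it")

    # Hijackers often leave rules unnamed or named with a single character.
    if len(rule.get("name", "").strip()) <= 1:
        findings.append("rule has a blank or single-character name")
    return findings


def audit_rules(rules, own_domain=OWN_DOMAIN):
    """Map rule name -> findings, including only rules that raised something."""
    report = {}
    for rule in rules:
        findings = audit_rule(rule, own_domain)
        if findings:
            report[rule["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_rules(SAMPLE_RULES).items():
        print(f"rule {name!r}:")
        for finding in findings:
            print(f"  - {finding}")
```

Run it against rules exported from both the server-side mailbox and any desktop client, as the list above advises, because a rule created in one is not necessarily visible in the other; the internal forward in the sample is reported clean, which is the intended behaviour, since the review is meant to surface diversions rather than every rule a user has set up.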
Technology alone cannot fully protect you against email hijackers or other malicious hackers. Nor can your IT department fully secure your email account against attacks. The somewhat chilling fact is that more than 60% of security breaches are caused by errors committed by end-users.

The best protection against email hijackers starts with a thorough risk assessment covering your systems, the data exchanged amongst them, and the procedures and policies governing their use. Everyone in the firm must be made aware of proper cybersecurity practices, and their knowledge should be confirmed through regular testing. These steps must inform a comprehensive, regularly updated data-governance regime designed to safeguard the firm’s IT infrastructure and to ensure that everyone with access to it regards themselves as a guardian of its security.
