Understanding and Mitigating Business Email Compromise in Law Firms

Cybercriminals are increasingly targeting businesses through one of their most trusted tools: email. Business email compromise (BEC) has emerged as a leading cyber threat, with financial losses surpassing $2.7 billion in 2023. For law firms, the stakes are even higher. Beyond financial losses, a compromised email account can jeopardize client trust, expose sensitive data and severely damage reputations.

BEC attacks involve criminals impersonating trusted individuals—executives, vendors or colleagues—to manipulate victims into transferring money or revealing confidential information. These attacks are precise and calculated, leveraging research, phishing tactics and even artificial intelligence to succeed. A convincing email might look like a password reset request from Microsoft or an urgent wire transfer authorization from a senior partner. Once attackers gain access, they can take over email accounts, set up forwarding rules to monitor communications and execute their plans undetected.

Why Law Firms Are Prime Targets

Law firms face unique risks that make them particularly attractive to cybercriminals. Their daily operations often involve handling large financial transactions, managing privileged client information and maintaining high levels of trust in email communications. These characteristics create an environment where fraudulent emails can go unnoticed, and attackers can exploit even small lapses in security.

While many firms have implemented basic protections like multi-factor authentication (MFA), modern attackers have adapted. Techniques like session hijacking allow cybercriminals to bypass MFA by capturing session tokens and impersonating users in real time. This means even firms with seemingly robust defenses may still be vulnerable.

Signs of a BEC Attack

BEC attacks are often subtle and difficult to detect, but there are some key indicators firms should watch for:

  • Logins from geographically distant regions within a window too short to travel between them, often referred to as “impossible travel.”
  • Creation of unexpected email rules, such as auto-forwarding to external addresses.
  • Requests for wire transfers or account changes that deviate from standard procedures.
  • Unusual changes to authentication settings, such as new devices or updated MFA methods.

If any of these signs are present, it’s crucial to act quickly to investigate and contain the threat.
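As an added example (not part of the original article or Netgain's tooling), the following script checks two of the indicators above, impossible travel and auto-forwarding to external addresses, over constructed sign-in and inbox-rule events. The event field names, the firm's domain, the 900 km/h speed threshold and the sample coordinates are all assumptions made for the example.

```python
# Added example: flag "impossible travel" sign-ins and inbox rules that forward
# mail outside the firm. All events below are constructed; field names, the
# firm domain and the speed threshold are assumptions, not any vendor's schema.
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

FIRM_DOMAIN = "example-law.test"   # assumed internal mail domain
MAX_PLAUSIBLE_SPEED_KMH = 900.0    # roughly airliner speed; faster is implausible
MIN_DISTANCE_KM = 100.0            # ignore small GeoIP jitter within one region

# Constructed sign-in events: (user, ISO-8601 timestamp, latitude, longitude)
SIGNINS = [
    ("alice", "2024-05-01T09:00:00", 44.98, -93.27),  # Minneapolis
    ("alice", "2024-05-01T09:40:00", 50.45, 30.52),   # Kyiv, 40 minutes later
    ("bob",   "2024-05-01T10:00:00", 44.98, -93.27),  # Minneapolis
    ("bob",   "2024-05-01T15:00:00", 41.88, -87.63),  # Chicago, 5 hours later
]

# Constructed inbox-rule events: (user, rule name, action dictionary)
INBOX_RULES = [
    ("alice", "File receipts", {"move_to": "Archive"}),
    ("alice", "Sync", {"forward_to": "attacker@mail.test"}),
    ("bob",   "Copy to assistant", {"forward_to": "carol@example-law.test"}),
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two latitude/longitude points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    a = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))

def impossible_travel(signins, max_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Return the users whose consecutive sign-ins imply a speed above max_kmh."""
    flagged, last_seen = set(), {}
    for user, ts, lat, lon in sorted(signins, key=lambda e: (e[0], e[1])):
        if user in last_seen:
            prev_ts, prev_lat, prev_lon = last_seen[user]
            hours = (datetime.fromisoformat(ts) - datetime.fromisoformat(prev_ts)).total_seconds() / 3600
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            speed = km / hours if hours > 0 else float("inf")
            if km >= MIN_DISTANCE_KM and speed > max_kmh:
                flagged.add(user)
        last_seen[user] = (ts, lat, lon)
    return flagged

def external_forwards(rules, firm_domain=FIRM_DOMAIN):
    """Return (user, rule name, target) for rules that forward mail outside the firm."""
    hits = []
    for user, name, actions in rules:
        target = actions.get("forward_to") or actions.get("redirect_to")
        if target and not target.lower().endswith("@" + firm_domain):
            hits.append((user, name, target))
    return hits
```

In practice the same two checks are run against the mail platform's sign-in and mailbox audit logs on a schedule, and any hit is treated as a reason to reset the session and review the account's authentication settings.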

Real-world Examples of BEC in Action

The sophistication of BEC attacks is exemplified by recent cases. In one instance, a controller at a large organization received a video call from an attacker impersonating their CEO. Using deepfake technology, the cybercriminal convincingly requested a $25 million wire transfer, which the controller authorized. In another case, a law firm admin received what appeared to be a routine email from an employee requesting a payroll deposit change. Without realizing it was fraudulent, the admin processed the update, sending funds to the attacker’s account.

These scenarios highlight the evolving nature of BEC and the creativity of cybercriminals in exploiting trust and routine processes.

Building a Proactive Defense

Protecting against BEC requires a multi-faceted approach that combines advanced technology, clear policies and continuous education. Advanced tools can monitor login behaviors, detect session hijacking and automatically respond to threats. Regular reviews of email rules and 24/7 system monitoring are essential to identifying breaches before they escalate.

Additionally, law firms should implement safeguards that include:

  • Wire transfer verification protocols: Require multi-step verification, including direct phone confirmation with known contacts.
  • Vendor payment change policies: Treat any request to update payment details as a potential red flag, verifying them through trusted channels.
  • Incident response plans: Establish clear protocols for containing and reporting breaches to ensure compliance and rapid response.

User awareness training is another critical component. Employees need to understand the latest BEC tactics, such as how attackers bypass MFA or use AI to create convincing scams. By fostering a culture where employees feel comfortable reporting suspicious activity, firms can catch potential threats early.

Why Proactive Measures Matter

Cybercriminals only need to succeed once, while your firm must remain vigilant at all times. Investing in proactive defenses—both technological and procedural—is essential to protect client trust, sensitive data and financial assets. By taking steps to prevent BEC attacks, law firms can minimize the risk of financial losses and reputational harm.

Netgain specializes in safeguarding law firms with tailored cybersecurity solutions, from advanced tools like extended detection and response to comprehensive policy reviews. Contact us today to learn how we can help protect your firm from the growing threat of business email compromise.