Cyber security cautionary tale

19 October, 2016

Introduction

Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out.
The realistic email

A principal of one of our insured firms had been expecting a parcel from overseas. He had received several emails appearing to be from Australia Post and eventually thought the emails might be about the parcel he was waiting on. He opened one of the emails and it said his parcel could not be delivered. He was instructed to download and print the attached label and take it to Australia Post. When he clicked on the link it opened a white page and nothing more.

About three minutes later all the icons on his screen went white and he had a message flash up that the crypto locker virus had locked his computer. The message said he had to pay $640 in bitcoin by a certain time to have his computer released and if he didn’t pay by then it would go up to $1280 with again a limited time to pay.

He immediately rang his bank and told them to lock his accounts. No money was lost.

He had his IT people look at the system and he spoke to the ACCC. The ACCC recommended that he not pay the ransom, and he did not. His practice management software and client information were stored in the cloud, and he was assured by the administrators of that system that his client data had not been affected. His IT people also confirmed that only his computer was affected, so they cleaned it and returned it. He lost five years’ worth of family photos he had just loaded onto the computer, intending to copy them to a memory stick.

Hijacking his email

Several days later, after the time to pay the ransom had expired, he started getting bounce back emails from people he did not know. The numbers quickly increased to thousands. Someone had sent out an email from his firm purportedly on behalf of AGL to thousands of people stating their energy account was overdue and they needed to pay straight away by clicking on a link.

He contacted his IT people and the police. The police advised that this is a very common pattern. The crypto locker virus had collected his email password. The criminals were then able to access his email account and send the scam emails as though they had come from his firm. It appears that none of the firm’s clients were actually sent the email.

The emails were traced to a site overseas. The good news was that the payment link in the email was broken by the time the police checked it, so no one could pay.

It wasn’t clear whether the criminals would have used his email if he had paid the ransom or whether they did it as a consequence of not paying the ransom.

The firm’s email has now been moved to Microsoft 365 for better protection.

Lessons

This illustrates how easily firms can be caught out as well as how important it is to have as many safeguards as possible in place and to understand the current threats. Having his client files behind high security in the cloud had been a good strategy. Had the practitioner understood more about these viruses he might also have:

  • checked the sender’s email address on the Australia Post email by hovering over it, or by copying it into Google to look for fraud warnings
  • changed the email password after cleaning the virus off the computer, which would have prevented access to the firm’s email.
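The first lesson, checking that the sender’s address actually belongs to the organisation it claims to be from, can also be automated at the mail gateway or in a mailbox rule. The script below is an added example and is not LPLC’s code or part of the original article; it assumes a small brand-to-domain table (`KNOWN_SENDER_DOMAINS`, with `auspost.com.au` and `agl.com.au` as the assumed legitimate sending domains) and uses two constructed sample messages. It parses the raw message, compares the display name in the `From:` header against the domain of the address, the `Reply-To:` address and every link in the body, and returns a list of warnings where they do not match.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Brands the firm expects mail from, mapped to the domains they are assumed to send from.
# This table is an assumption for the example; a firm would maintain its own list.
KNOWN_SENDER_DOMAINS = {
    "australia post": {"auspost.com.au"},
    "agl": {"agl.com.au"},
}

# Captures the host part of any http(s) URL in the message body.
URL_RE = re.compile(r"""https?://([^/\s"'>]+)""", re.IGNORECASE)

# Constructed sample: looks like the Australia Post "undelivered parcel" email in the article,
# but the address, the Reply-To and the link all point at unrelated (example) domains.
SAMPLE_PHISH = """From: "Australia Post" <noreply@auspost-delivery.example.net>
Reply-To: parcels@mail-track.example.org
Subject: Your parcel could not be delivered
Content-Type: text/plain

Please download and print the attached label: http://auspost-delivery.example.net/label
"""

# Constructed sample: same display name, but address and link are on the expected domain.
SAMPLE_LEGIT = """From: "Australia Post" <noreply@auspost.com.au>
Subject: Parcel update
Content-Type: text/plain

Track your parcel at https://auspost.com.au/track
"""


def domain_of_address(address):
    """Return the lower-cased domain part of an email address, or '' if it has none."""
    _, addr = parseaddr(address)
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def belongs_to(domain, allowed):
    """True if domain equals, or is a subdomain of, any domain in the allowed set."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def check_sender(raw_message):
    """Return a list of warnings for a raw RFC 822 message; an empty list means no mismatch found."""
    msg = message_from_string(raw_message)
    display_name, addr = parseaddr(msg.get("From", ""))
    warnings = []

    allowed = KNOWN_SENDER_DOMAINS.get(display_name.strip().lower())
    if allowed is None:
        return warnings  # display name is not a brand we track, nothing to compare against

    sender_domain = domain_of_address(addr)
    if not belongs_to(sender_domain, allowed):
        warnings.append(f"From address domain '{sender_domain}' does not belong to {display_name}")

    reply_to = msg.get("Reply-To")
    if reply_to:
        reply_domain = domain_of_address(reply_to)
        if not belongs_to(reply_domain, allowed):
            warnings.append(f"Reply-To domain '{reply_domain}' does not belong to {display_name}")

    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    for host in URL_RE.findall(body):
        host = host.split(":")[0].lower()  # drop any port number
        if not belongs_to(host, allowed):
            warnings.append(f"Link points to '{host}', which is not a {display_name} domain")
    return warnings


if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, check_sender(sample) or "no warnings")
```

Running it flags the constructed phishing sample three times (sender domain, Reply-To domain and link host) and passes the legitimate sample cleanly. The check only fires when the display name matches a tracked brand, so it complements rather than replaces a hover-over check by the recipient: a message with a lookalike display name such as “Australia P0st” would still need a person, or a fuzzier match, to catch it.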

For more information on how to protect your firm, see LPLC’s cyber security checklist. This lists the minimum that firms need to do and is the equivalent of ‘locking the door’ on cyber criminals. We wouldn’t dream of leaving our office unlocked so anyone could walk in and take what they wanted, and neither should we do so with our computer systems.

For other information on cyber threats and security see the cyber security section on our website.


Legal Practitioners’ Liability Committee
October 2016