Hacking: The gaining of unauthorized access to data in a system or computer.
Spoofing: Hoax or trick [someone].
Law firms are no strangers to the concept of malicious computer users (e.g., the Panama Papers). The recent spike in attempts to hack law firms has given lawyers across North America a newfound awareness of computer security, with the idea of avoiding and blocking “hackers” from gaining access to their systems. Most users, however, misidentify malicious attempts. Many of these so-called “hacking” attempts are actually “spoofing” attempts.
The threats in question often come in the form of familiar emails (from a friend, coworker, or popular brand, such as Canada Post or Amazon), phone calls, and social media messages. Though these messages appear to be innocuous, they are actually sent with malicious intentions, usually to gather login information for a specific targeted website.
Though we stated earlier that hacking and spoofing are not technically the same concept, spoofing is usually the first step in a hacking attempt. The malicious “spoofer” sends an email to a targeted individual with the idea of learning their password, to then later log in to the targeted individual’s accounts and either mine the data, hold it for ransom, or hijack the email account and target more users via their email address.
What do we do with this information?
We advise users to be wary of emails that seem a little “off”, make unusual or time-sensitive requests, or ask for confidential information via email. Additionally, we recommend hovering your mouse over the “sent” area of the email in question to see who really sent it. Spoofers will often use a familiar name as their display name when sending emails (e.g., Canada Post), but will actually be emailing from an address such as firstname.lastname@example.org. You can catch this by double-checking who you’re responding to.
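The same display-name check can be run on a saved message. The following Python is an added example, not part of the original post: it compares the display name against the real sending address and checks where replies would go. The allow-list of brand domains and both sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed allow-list for illustration: display-name keyword -> legitimate sending domains.
KNOWN_SENDERS = {
    "canada post": {"canadapost.ca"},
    "amazon": {"amazon.ca", "amazon.com"},
}

def domain_of(address):
    """Return the lower-cased domain part of an address, or '' if there is none."""
    return address.rpartition("@")[2].lower() if "@" in address else ""

def domain_allowed(domain, allowed):
    """True for an allowed domain or a subdomain of it, never for look-alike prefixes."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)

def check_sender(raw_message):
    """Return a list of warnings about the From and Reply-To headers."""
    msg = message_from_string(raw_message)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = domain_of(from_addr)
    warnings = []
    # A familiar brand in the display name must come from that brand's own domain.
    for brand, allowed in KNOWN_SENDERS.items():
        if brand in display.lower() and not domain_allowed(from_domain, allowed):
            warnings.append(f"display name claims '{brand}' but address is {from_addr}")
    # "Who you're responding to": a Reply-To on another domain redirects your answer.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    if reply_addr and domain_of(reply_addr) != from_domain:
        warnings.append(f"replies go to {reply_addr}, not the From domain {from_domain}")
    return warnings

# Constructed sample messages (not real mail).
SPOOFED = (
    'From: "Canada Post" <tracking@canadapost.ca.example.net>\n'
    "Reply-To: billing@example.org\n"
    "Subject: Delivery fee outstanding\n\nPay within 24 hours.\n"
)
GENUINE = 'From: "Canada Post" <notice@canadapost.ca>\nSubject: Delivery update\n\nHello.\n'

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, check_sender(raw))
```

A clean result only means the headers are consistent with each other; the From address itself can still be forged, so unusual requests deserve the same caution.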
How can I find out more?
Go to bmcnetworks.ca/assessment to find out if we can help fix some issues in your IT environment.