Mind Games Cybercriminals Play with Law Firm Employees

October 7, 2022

“Hackers Don’t Break In, They Log In”

We love that quote from Corey Nachreiner, the CSO of cybersecurity firm WatchGuard. We do of course make logging in all too easy. Many law firms do not have an out-processing checklist for those who leave their employment, so we make it simple to discover IDs and passwords that are “hanging around.”

If those employees reused their passwords, they make it even easier for the attackers. But a current ploy is for attackers simply to pretend to be someone else (usually another law firm employee) and claim to need the ID/password for any number of reasons: a network threat they are working on, or involvement in a compilation of IDs/passwords to be stored securely in the cloud to enhance (they say) security.

They may even pretend to be your IT provider and say they need your credentials to counter an imminent threat that has just been discovered. A remarkable number of law firm employees will give up their credentials in their desire to be helpful to someone they presume to be legitimate.

Are we saps? Pretty much, based on the evidence.

