Email is one of the most common ways cybercriminals attempt to gain access to sensitive business information. Phishing messages can be hard to spot, sometimes arriving from real accounts that have been compromised.
For roster lawyers, email‑based threats can pose added risk due to the exposure of:
- Trusted communications with clients and colleagues
- Sensitive or confidential client information
- Financial and payment‑related instructions
Be cautious of emails that:
- Come from known contacts but have unusual wording, tone or requests
- Include unexpected links or attachments
- Request sensitive, confidential or financial information
- Use urgency or authority to prompt immediate action
Good habits to follow:
- Avoid clicking links or opening attachments in unexpected emails
- Verify unexpected or sensitive requests using a separate, trusted contact method, such as phoning the sender to confirm they actually sent the information
- Use strong authentication for email accounts, such as multi‑factor authentication (MFA) or passkeys, where available
Remember: Pause, Verify, Protect
Pause before acting, verify using a trusted method and protect your systems and client information.
Staying alert — even when messages appear legitimate — is an important part of protecting your practice and your clients.