Phishing Scams


Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an email. Phishing emails take the form of a message, allegedly from your bank or an online retailer you deal with, that suggests your account has been compromised or that payment is overdue. Phishing scams are usually bulk emails sent to large numbers of people. Even if only two or three per cent of recipients fall for them, hundreds or even thousands of people can be victimized. (LAWPRO Magazine, Lawyers’ Professional Indemnity Company, “Serving Indigenous Clients” (Vol. 15 no. 1)).

Phishing Risk Management:
Don’t reply to email, text, or pop-up messages that ask for your personal or financial information. Don’t click on links within them either – even if the message seems to be from an organization you trust. It isn’t. Legitimate businesses don’t ask you to send sensitive information through unsecure channels.

Spear Phishing:
The “spear” in spear phishing alludes to the fact that messages are targeted to specific individuals. Spear phishing messages are more convincing because they are personally addressed, appear to be from someone you already know, and may include other detailed personalized information.

Educate the lawyers and staff at your firm to make sure they will not fall for a spear phishing scam. Follow firm processes and procedures for the review and approval of financial transactions – and don’t bypass them due to urgent circumstances. Never share confidential client or firm information without being sure it is appropriate to do so by getting confirmation from someone familiar with the file. Be on the lookout for and question any last-minute changes on fund transfers or payments. (LAWPRO Magazine, Lawyers’ Professional Indemnity Company, “Serving Indigenous Clients” (Vol. 15 no. 1)).

Some phishing attacks are directed specifically at senior executives and other high-profile targets within businesses, and are written to appear to be sensitive business matters. They often come in the form of a subpoena, customer complaint, or executive issue. (Wikipedia)

Clone Phishing:
A legitimate, and previously delivered, email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical or cloned email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. (Wikipedia)
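
For firms whose IT staff want to check a suspicious message against the earlier legitimate one, the comparison described above can be sketched as follows. This is an added example, not part of the original article; it covers links only (not attachments), assumes simple single-part plain-text messages, and the function names, sample messages, and domains are all constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"']+")

def _domain(header_value):
    """Lower-cased domain of the address in a header, '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def _words_and_hosts(msg):
    """Body words with URLs masked, plus the set of link hostnames."""
    text = msg.get_payload()  # assumes a single-part plain-text message
    hosts = {h for u in URL_RE.findall(text) if (h := urlparse(u).hostname)}
    return URL_RE.sub("<URL>", text).split(), hosts

def clone_indicators(original_raw, suspect_raw, threshold=0.9):
    """Findings that suggest suspect_raw is an altered copy of original_raw."""
    orig, susp = message_from_string(original_raw), message_from_string(suspect_raw)
    orig_words, orig_hosts = _words_and_hosts(orig)
    susp_words, susp_hosts = _words_and_hosts(susp)
    if SequenceMatcher(None, orig_words, susp_words).ratio() < threshold:
        return []  # not a near copy of the earlier message
    findings = []
    new_hosts = sorted(susp_hosts - orig_hosts)
    if new_hosts:
        findings.append("link host changed: " + ", ".join(new_hosts))
    if _domain(susp["From"]) != _domain(orig["From"]):
        findings.append("sender domain changed: " + _domain(susp["From"]))
    bounce = _domain(susp["Return-Path"])
    if bounce and bounce != _domain(susp["From"]):  # an indicator, not proof
        findings.append("Return-Path differs from From: " + bounce)
    return findings

# Constructed sample messages (not real mail); all domains are placeholders.
BODY = "Please review the closing documents at {url} before Friday.\nJane\n"
ORIGINAL = ("From: Jane <jane@lawfirm.example>\nSubject: Closing\n\n"
            + BODY.format(url="https://docs.lawfirm.example/file/881"))
CLONE = ("From: Jane <jane@lawfirm.example>\n"
         "Return-Path: <bounce@mailer.example.net>\nSubject: Closing\n\n"
         + BODY.format(url="https://docs.lawfirm-example.test/file/881"))

if __name__ == "__main__":
    for finding in clone_indicators(ORIGINAL, CLONE):
        print(finding)
```

A differing Return-Path also occurs with legitimate mailing services, so that finding should prompt a closer look rather than be treated as proof on its own.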

