Law firms continue to be juicy targets for hackers.


Lawyers deal with and are privy to lots of sensitive information and data, making them a highly targeted professional group.

Attacks targeting law firms can come in various forms. Hackers can attempt to hold data for ransom via ransomware, or they can “phish” for financial details and account credentials with scam emails.


The path of least resistance

Hackers have realized social engineering is oftentimes an easier way in than busting through an organization’s outer defenses. Anyone can carelessly click on an innocuous-looking hyperlink or button in a fraudulent email.

The InCare team has noticed a fresh wave of attacks targeting our clients in the legal industry.

Is it a coincidence these are occurring as we head deeper into the holiday season, where our attention is divided among professional, familial, and holiday obligations, and our inboxes might be a little more swollen than usual? We think not.

These recent attacks on these law firms are phishing emails warning of Office 365 account deactivation.

Below is a sample provided by one of our clients:


Phishing email example warning of Office 365 account deactivation


Panic is the name of the game

Many scam emails will try to rile you up. In the specimen above, the cybercriminals are attempting to get the target in a state of distress with impending account deactivation.

Check out this language:

  • Action required!
  • mail deactivation
  • your account would be deleted
  • access to your account would be declined

When confronted with something panic-inducing (such as the thought of your inbox being unceremoniously wiped out), always take a moment to review things carefully before succumbing to emotion and clicking away on mystery buttons and links.

A big red flag to scam emails is stiff language, as many cybercriminals are foreigners. This whole message is stiff.

Be cautious of messages that say you need to ACT NOW! Don’t let bold warnings and exclamation marks bully you around.

If you’re worried about the contents of a suspicious-looking email, you can always go directly to your online account or call the appropriate number instead of clicking on something in the email.

You can also run potentially fraudulent communication by your IT department or managed security provider. InCare customers, contact the help desk at 205-277-CARE for support.


Looking for Office 365 assistance? Is your law firm plagued by phishing attempts and other cyber-shenanigans?

You’ve come to the right place.

“InCare is an industry-recognized managed services provider and longtime Microsoft partner,” said Aaron Allen, Director of Technical Services at InCare. “We have offices in Birmingham, AL; Montgomery, AL; and Jackson, MS. We’ve migrated many businesses over to Office 365, and continue to provide maintenance and security for these clients.

Contact us at 205-277-CARE, or fill out the form below to schedule your free consultation.”



Get a free security consultation
reCAPTCHA is required.



Share This