

Four common hacker tactics for firms to have on the watchlist

Extech Cloud shares key risk prevention measures to protect your law firm against email-based cyberattacks including phishing, session hijacking, malicious attachments and email spoofing

Extech Cloud

Email is vital for legal communication, but it’s also a top target for cybercriminals. While law firms invest in security tools, the inbox often remains exposed.

Here are four common email-based tactics hackers use to target law firms, and what you can do to reduce your risk.

Phishing attacks

Phishing is a common and damaging threat that tricks law firm staff into revealing sensitive data by exploiting trust and urgency.

How it works:

Attackers impersonate trusted contacts such as clients, opposing counsel, court clerks or senior partners. Emails often contain urgent requests, such as clicking a link, downloading a file or confirming login details. These messages may appear highly convincing, using familiar language, branding or even previous email threads.

These types of attacks can pose significant risks for law firms, like:

  • Unauthorised fund transfers to fraudulent accounts
  • Exposure of confidential client data and case files
  • Breach of internal systems and legal document repositories

Prevention measures include:

  • Conducting regular phishing awareness training for all staff
  • Using intelligent email filtering tools that flag suspicious messages
  • Encouraging a ‘pause and verify’ culture before responding to urgent requests

Session hijacking

Session hijacking lets attackers silently take over active logins, posing serious risks to law firms handling sensitive client data.

How it works:

Hackers intercept session tokens used to keep users logged into web applications. Once a token is hijacked, attackers can impersonate the user and access their email, cloud storage or case management systems. No password is required, which makes detection more difficult.

These types of attacks can pose significant risks for law firms, like:

  • Reading or redirecting confidential communications
  • Issuing fraudulent instructions to clients or colleagues
  • Accessing privileged legal documents and case notes

Prevention measures include:

  • Enabling multi-factor authentication (MFA) across all systems
  • Monitoring login activity for unusual behaviour or geographic anomalies
  • Regularly updating software and browsers to patch vulnerabilities

Malicious attachments

Malicious attachments are a common way hackers deliver malware, and law firms are especially at risk due to the high volume of document sharing.

How it works:

Generally, malware is embedded in seemingly legitimate files such as PDFs, Word documents or scanned images. One click can install ransomware, spyware or backdoor software. The malware may remain dormant before activating, making it harder to trace.

These types of attacks can pose significant risks for law firms, like:

  • System lockdowns and ransom demands
  • Theft of sensitive data and client records
  • Breach of compliance with data protection regulations

Prevention measures include:

  • Using advanced email filtering to scan attachments for hidden threats
  • Training staff to be cautious with unexpected or unsolicited files
  • Maintaining strong backup protocols and disaster recovery plans

Email spoofing

Email spoofing tricks recipients by faking sender addresses, often leading to financial loss or data breaches in law firms.

How it works:

Attackers manipulate the ‘From’ field in an email to impersonate a barrister, client or supplier. The email may request urgent action, such as transferring funds or sharing confidential documents. These spoofed emails often bypass basic spam filters and appear legitimate.

These types of attacks can pose significant risks for law firms, like:

  • Financial fraud and unauthorised payments
  • Loss of client trust and professional credibility
  • Exposure of privileged communications and legal strategies

Prevention measures include:

  • Implementing DMARC, SPF and DKIM protocols to authenticate email sources
  • Verifying unusual requests via phone or secondary communication channels
  • Educating staff on recognising spoofed emails and reporting them
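
How SPF, DKIM and DMARC results can be used to triage a message with a forged ‘From’ field is shown below. This is an added example, not Extech Cloud's code. The gateway name mx.lawfirm.example, the sample messages and the function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.lawfirm.example"  # assumption: the ID your own mail gateway stamps
# Constructed sample: the second header was supplied by the sender and claims a pass.
SPOOFED = """\
Authentication-Results: mx.lawfirm.example; spf=softfail smtp.mailfrom=bulk.invalid;
\tdkim=none; dmarc=fail header.from=chambers.example
Authentication-Results: relay.bulk.invalid; dmarc=pass header.from=chambers.example
From: "A. Barrister" <a.barrister@chambers.example>
Subject: Urgent: revised payment details

Please use the new account today.
"""

# Constructed sample: a message that passed all three checks at the gateway.
LEGIT = """\
Authentication-Results: mx.lawfirm.example; spf=pass smtp.mailfrom=chambers.example;
\tdkim=pass header.d=chambers.example; dmarc=pass header.from=chambers.example
From: "A. Barrister" <a.barrister@chambers.example>

Attached as discussed.
"""

def gateway_verdicts(msg):
    """Return spf/dkim/dmarc results from the topmost header our own gateway added."""
    for value in msg.get_all("Authentication-Results", []):
        parts = [p.strip() for p in value.split(";")]
        ident = parts[0].split()
        if not ident or ident[0].lower() != TRUSTED_AUTHSERV:
            continue  # stamped by another host, possibly the sender: never trust it
        found = (re.match(r"(spf|dkim|dmarc)\s*=\s*(\w+)", p, re.I) for p in parts[1:])
        return {m.group(1).lower(): m.group(2).lower() for m in found if m}
    return None

def triage(raw):
    """Return a list of findings; an empty list means no spoofing indicator."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    verdicts = gateway_verdicts(msg)
    if verdicts is None:
        return [f"no Authentication-Results header from {TRUSTED_AUTHSERV}"]
    findings = []
    if verdicts.get("dmarc") != "pass":
        findings.append(f"DMARC {verdicts.get('dmarc', 'missing')} for From domain {domain}")
    if "pass" not in (verdicts.get("spf"), verdicts.get("dkim")):
        findings.append("neither SPF nor DKIM passed")
    return findings
```

Only the header stamped by the firm's own gateway is evaluated, because a sender can add an Authentication-Results header of their own that claims a pass.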
