Law, PR Firms Increasingly Hacker Targets

FBI issues advisory on “spear phishing” attacks
November 18, 2009

Well, at least they know who to turn to for legal help. Or crisis communications.

According to a recent FBI advisory, public relations companies and law firms have increasingly found themselves at the receiving end of sophisticated e-mail attacks from cyber-criminals. The modus operandi: “spear phishing,” a scam in which e-mails appear to come from a trusted source and address victims by name, according to the Associated Press.

The hackers’ goal, according to the AP, is to steal sensitive data linked to large, overseas clients. Usually that happens by way of a malicious attachment that will infiltrate a network upon being opened. Attachments can take the form of anything from a photo to an executable program, the FBI warns.

Though the warning doesn’t specify the exact information hackers are targeting, in the case of law firms this can amount to “really critical, private information,” according to a quote from Bradford Bleier, unit chief with the FBI's cyber division. Thus, the issue is not just one of personal security, but potentially national security as well, Bleier explains.

Though U.S. officials have been hesitant to link cyber-attacks to China, according to the AP, a representative of The SANS Institute, a computer-security organization, tells the news service that the attack compromising a New York City law firm in early 2008 originated there.

Unfortunately, PR and law firm employees aren’t the only ones who’ve been targeted by spear phishing attacks. Cyber-criminals impersonating banks, government agencies and other trusted institutions have e-mailed individuals in attempts either to get them to download attachments or to cull sensitive personal data from them. Check out these tips, courtesy of an April 2009 FBI warning on phishing, if you want to avoid becoming a victim:

Keep in mind that most companies, banks, agencies, etc., don’t request personal information via e-mail. If in doubt, look up the organization’s phone number via the phone company, and give them a call (don’t use the phone number contained in the e-mail; that’s usually phony as well).

Use a phishing filter. Many of the latest Web browsers have them built in or offer them as plug-ins.

Never follow a link to a secure site from an e-mail; always enter the URL manually.

Don't be fooled (especially today) by the latest scams. Visit the Internet Crime Complaint Center (IC3) and "LooksTooGoodToBeTrue" Web sites for tips and information.


©2003-2010 Identity Theft 911, LLC. All rights reserved.
