Stupid Simple Security Tip #7: A Day in the Life of a Cybercriminal
Tom Lambotte
Adoptive Father of 5 | Alignment Catalyst + Visionary Coach | Empowering Leaders with AI & Alignment to Activate Potential + Amplify Impact | Founder of GlobalMacIT (#1 IT Provider to Mac Businesses)
Morning
You wake at 6 am and get ready for work. With a fresh cup of joe in one hand, remote control in the other, you turn on the tube – soaking in today’s top news headlines.
Your job depends on staying up-to-date; leveraging current events helps you connect with your prospects.
You hop on Zoom for your 8:30 am virtual ‘stand-up’ meeting where the team reviews the day’s tasks, goals, and performance expectations.
The newest team member is welcomed, but you’re a bit unimpressed.
His specialty is social media trolling, which isn’t really your thing. That being said, it is “in” right now and he seems to have a good attitude. You can’t help but recall your first day on the job here.
The boss says the numbers are good but slipping a little and it’s important for the team to pick up the intensity a bit to hit this month’s goals.
Afternoon
Given your past success, your boss assigned you the Business Email Compromise (BEC) gig to focus on this quarter, specifically focusing on wire fraud. Your rock for the quarter is to close 5 of these deals.
These are lucrative – averaging about $63,000 per occurrence, and they can run as high as $1 million.
The job is to leverage Dark Web data to create very targeted emails, BEC scams, where you impersonate key company executives to trick employees into carrying out your requests – specifically to transfer funds for this gig.
This is one of the more people-centered roles, since it takes gathering info from the Dark Web, researching the individuals via their website, LinkedIn and news articles to look for relevant data points.
From there, it’s simply determination, persistence and, ultimately, a numbers game.
Your organization has a reputation to uphold, so you get to work.
New updates to corporate firewalls have made it a supreme hassle to break into a law firm’s in-house server, so this approach is far easier.
The best part? Highly secured networks and even Macs have no protection against this specific attack approach since there’s no attempt to access a computer or network.
Evening
5 p.m. rolls around, you call it a day on the Business Email Compromise gig.
Your brain’s fried; while it is not very difficult work, it takes a lot of focus and energy to do it well, to dig and find the info that other, more novice hackers tend to overlook.
Lying in bed, you check your email before calling it a night and smile ear-to-ear.
A law firm’s intern gave you his work email’s password. There’s an open door to walk into tomorrow!
A successful day’s work! Easy, peasy. Rinse, lather, repeat.
Cybersecurity in the legal field demands proactive diligence
I characterize cybercrime this way to make a point.
In the legal world, staying proactive – not reactive – to cybersecurity is how to combat organized, persistent online threats.
Cybercriminals don’t wear black hoodies and live in dank, shady basements.
They don’t work in isolation and are not bored geeky high school kids with too much time on their hands.
Real cybercriminals work in an organized fashion. They are ‘real’ businesses just like yours and mine.
They have company goals, key objectives, different roles on the team and metrics to hit.
They use the same business methodologies as we do to run efficient and profitable businesses.
This level of organization allows them to make over six figures a year scamming people.
If the thieves and fraudsters have a concerted, well-thought plan, shouldn’t your cybersecurity practices be equally thorough?
I hope you answered with a resounding, loud yes.
This hypothetical day in the life of a cybercriminal is not far from reality at all.
However, we are putting the finishing touches on a new solution, specifically for the solo and small firm lawyer who knows they should do something about security but never gets to it.
Why don’t you implement the security measures that would drastically reduce your likelihood of experiencing a data breach?
Too busy to research all the options
Overwhelmed by options and choices
What do you really need?
How much is too much? How much is too little?
Is this just something being sold by the cybersecurity company making the product? Are they just scaring me into buying?
Ultimately, when faced with too many choices, most choose inaction.
“I’ll get to it one day.”
But that day never comes.
You justify that when you get bigger, you will do something about it.
“I’m just a solo lawyer right now.”
“It’s just the three of us right now.”
I have seen many solo and small firm lawyers go through the experience of a data breach and I can tell you firsthand that it is a horrific event to go through.
And it’s one that most people do their best not to share.
The new solution we are developing is based on 14 years of experience in being responsible for the security needs of our legal.
This suite of solutions will provide comprehensive coverage in a turn-key solution.
Most solos and small firm lawyers lack both the time and expertise to research and put together a proper security strategy that will cover you from all angles.
If you’d like to find out more, send me a message and say "SECURITY".
Disability Lawyer Helping My Clients and Their Families Feel More Secure and Sleep Better at Night; I Also Love Helping Other Attorneys and Professionals; Experienced in Federal Court Appeals.
3 years ago: Always great insights!
I help entrepreneurs reduce their anxiety to step into success | Award-winning psychologist | Author of High Functioning Anxiety | International Keynote Speaker | Hatha Yoga teacher
3 years ago: Really love your post Tom!
Presensing For Men, A Method For Peace
3 years ago: Thanks for sharing
COO at Rise DDS
3 years ago: Great post