Threat Actors Target Law Firms and Small Businesses with Impersonation Attempts: What to Look For

NJCCIC Alert

Original Release Date: 6/23/2023

Summary

The NJCCIC received an uptick in reports of cyberattacks targeting law firms and small businesses. Threat actors may claim to be a construction company, supplier, or other specialty contractor seeking legal services. In one example, the threat actor included several red flags and conflicting information, such as an incorrect mailing address, email information, and website. At first glance, however, these red flags are inconspicuous and may go unnoticed. Further analysis revealed additional red flags, such as a .org top-level domain (TLD) typically used for nonprofit organizations, and the newly established website included multiple redirects and missing characters – a tactic often used by threat actors to impersonate a legitimate website. This website was able to bypass basic antivirus software, likely due to its recent creation.

Small businesses such as law firms are increasingly targeted by threat actors seeking access to the vast amounts of sensitive information they manage. A successful cyberattack may give threat actors access to internal networks and databases, which they can use to commit further nefarious activity, such as ransomware attacks, fraud, and theft. As a reminder, common red flags include misspelled email domains and websites, missing characters, and newly created website URLs. Users can quickly check website validity using trusted open-source tools such as VirusTotal, URLScan.io, MXToolBox, IPQualityScore, and the Any.Run sandbox. Scans submitted to these tools are publicly available, however, so users should avoid uploading internal files unless they have a private account.
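One way to screen an inbound inquiry for the red flags listed above, as an added example that is not NJCCIC code. The allow-list, the sample domains, and the edit-distance and 90-day thresholds are assumptions, and the domain registration date is assumed to come from a WHOIS or RDAP lookup done by the caller.

```python
from datetime import date

# Constructed allow-list: domains of parties the firm already works with.
KNOWN_DOMAINS = ["examplebuilders.com", "northsupply-example.com"]

def edit_distance(a, b):
    """Levenshtein distance (two-row dynamic programming)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url):
    """Lower-cased host of a URL, without scheme, path or leading 'www.'."""
    host = url.lower().split("//")[-1].split("/")[0]
    return host[4:] if host.startswith("www.") else host

def red_flags(email, website, created, today, known=KNOWN_DOMAINS, max_age_days=90):
    """Return the red flags found for one inquiry.

    created: registration date of the website's domain, which the caller is
    assumed to have looked up (for example via WHOIS or RDAP).
    """
    flags = []
    email_dom, site_dom = email.rsplit("@", 1)[-1].lower(), host_of(website)
    if email_dom != site_dom:
        flags.append("email domain differs from website domain")
    for dom in sorted({email_dom, site_dom}):
        name, _, tld = dom.rpartition(".")
        for good in known:
            if dom == good:
                continue
            gname, _, gtld = good.rpartition(".")
            dist = edit_distance(name, gname)
            if dist == 0 and tld != gtld:
                flags.append(f"{dom}: same name as {good}, different TLD")
            elif 0 < dist <= 2:  # a missing or swapped character
                flags.append(f"{dom}: lookalike of {good} (edit distance {dist})")
    age = (today - created).days
    if age < max_age_days:
        flags.append(f"{site_dom}: domain registered {age} days ago")
    return flags

# Constructed inquiry: misspelled sender domain, .org site, three-week-old domain.
for flag in red_flags("j.doe@examplebuildrs.org", "https://www.examplebuilders.org/contact",
                      date(2023, 6, 1), date(2023, 6, 23)):
    print(flag)
```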

Recommendations

The NJCCIC recommends users and organizations educate themselves and others on these continuing threats, tactics, and red flags to reduce victimization. Refrain from clicking on any embedded links or attachments, downloading any files, or accepting shared folder invitations from unsolicited or unexpected emails, and exercise caution when responding to unsolicited communications and known senders. Additionally, users are advised to verify the legitimacy of a website using trusted website validation tools. Further information and resources can be found in the NJCCIC products Don’t Take the Bait! Phishing and Other Social Engineering Attacks and Cybersecurity Best Practices and the Better Business Bureau resource, BBB Tip: How to Identify a Fake Website.

New Jersey Cybersecurity & Communications Integration Cell

2 Schwarzkopf Dr, Ewing Township, NJ 08628

njccic@cyber.nj.gov

OUR COMMITMENT

The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
