Increasingly,
fraudsters
are
using
(or
least
attempting
to
use)
the
good
name
of
Biglaw
firms
in
order
to
perpetrate
their
crimes.
According
to
the
British
Solicitors
Regulation
Authority
(SRA)
Scam
Alerts
database,
scams
using
law
firm
names
has
increased
180%
in
three
years.
As
reported
by
American
Lawyer,
the
names
of
Biglaw
firms
are
getting
dragged
in
the
process:
Milbank’s
name
was
misused
in
phone
calls
earlier
this
year
by
fraudsters
posing
as
insurance
agents
linked
to
the
firm,
according
to
the
SRA
Scam
Alerts.
Dechert’s
brand
was
used
on
fake
numbers,
addresses,
a
fraudulent
website,
and
a
forged
agreement
falsely
signed
by
a
real
partner.
And
Latham’s
name
has
cropped
up
in
three
scams
where
the
names
of
real
partners
were
falsely
cited
to
demand
overdue
payments,
the
SRA
site
shows.Linklaters,
Hogan
Lovells,
and
Slaughter
and
May
monikers
have
all
been
misused
in
past
years
as
well,
as
have
Debevoise
&
Plimpton,
Simpson
Thacher
&
Bartlett,
Baker
McKenzie,
and
Ropes
&
Gray.
And
it’s
not
like
it’s
just
a
problem
across
the
pond.
Matthew
R.
Baker,
Baker
Botts’s
San
Francisco-based
privacy
and
cybersecurity
practice
group
chair
says,
“We
are
getting
notices
and
fielding
these
threats
every
day.
Every
single
day.
Law
firms
are
becoming
quite
an
interesting
and
unique
and
ripe
target
right
now
and
I
think
it
is
because
we
represent
a
variety
of
very
very
big
targets,
victims,
and
we
have
so
much
incredibly
confidential
and
proprietary
information.”
These
aren’t
the
only
cybercrimes
facing
Biglaw.
While
law
firm
scams
often
involve
deceiving
people
to
steal
money
or
information,
hackers
use
their
technical
skills
to
break
into
systems,
often
to
steal,
spy,
or
disrupt.
Ransomware
cybercriminals
lock
or
encrypt
their
target’s
data,
usually
with
a
demand
for
payment
to
restore
access.
Kirkland
&
Ellis,
K&L
Gates,
and
Proskauer
Rose
have
all
been
targets
of
a
ransomware
group
known
as
CL0P.
DLA
Piper
was
also
hit
by
a
major
cyber
attack
in
2017
that
knocked
out
phones
and
computers.In
November
2023,
legacy
firm
Allen
&
Overy
was
targeted
by
ransomware
group
LockBit
and
the
firm
was
given
a
deadline
to
pay
a
ransom
to
recover
data
that
the
group
claimed
to
have
stolen.
It
is
not
known
if
the
firm
paid
the
ransom,
but
one
day
before
the
deadline
the
firm’s
name
disappeared
from
the
hacker
group’s
list
of
organisations
it
was
holding
to
ransom.
And
with
the
rise
of
AI,
don’t
expect
the
problem
to
get
better.
As
Baker
said,
“Artificial
intelligence
has
really
given
over
unique
weapons
to
amateurs
and
it
has
allowed
amateurs
and
professionals
to
weaponize
these
kinds
of
TTPs
[Tactics,
Techniques,
and
Procedures].
So
it
has
broadened
the
landscape
for
who
is
a
threat
actor,
and
then
at
the
same
time
it
has
made
those
TTPs—those
types
of
processes—more
varied,
more
sophisticated,
and
it
has
multiplied
them.”
So
even
lawyers
that
don’t
care
for
technology
can’t
ignore
this
growing
problem.
Kathryn
Rubino
is
a
Senior
Editor
at
Above
the
Law,
host
of
The
Jabot
podcast,
and
co-host
of
Thinking
Like
A
Lawyer.
AtL
tipsters
are
the
best,
so
please
connect
with
her.
Feel
free
to
email
her
with
any
tips,
questions,
or
comments
and
follow
her
on
Twitter
@Kathryn1 or
Mastodon
@[email protected].