It’s Who You Know: Verifying Identity at Law Firms


Trusting identity is foundational to a law firm’s work. In a law office, the documents going back and forth contain sensitive information, and contracts, negotiations, or transactions can't be shared with the wrong parties. The industry needs to be cautious about validating identities.


Legal service providers need to achieve compliance and protect clients and their assets. Techniques are changing as lawyers move from in-person conferences to digital document exchange. This article examines four digital-age areas in which lawyers need to validate identity.


#1 Phishing Scams


Phishing is always a risk, no matter the industry. Paralegals, associates, and lawyers risk inadvertently clicking on malware, especially as this field relies heavily on attached documents going back and forth.


A cybercriminal criminal might steal money copying a vendor’s invoices. Everything looks the same, but payment details put the dollars in the crook's bank account. Or they will send an “urgent” message containing a link that goes to a Web page that looks credible. It might seem to be from a bank or the government, but one character in the URL is different. Those who don’t notice the difference will enter sensitive account details into a form that goes to the bad guy.


Verification tip: Firm-wide filters can check for malicious attachments before they reach people. Educate employees about always verifying the URL before clicking on a link. Hovering over the highlighted text will show the address where a click will take the user.


#2 Business Communication Email Scams


Business communication emails scams also often target law firms. In one example, Jared Kushner’s lawyer exchanged emails with someone imitating the ex-White House aide. Emails from kushner.jared@mail.com prompted the lawyer to share newsworthy information.


Verification tip: At the beginning of an engagement, verify the client's private, secure email address. Always confirm that the sender’s email address is the same as you have on file before responding.


#3 Outgoing Email


Email automation can also lead to problems. The associate allows Outlook to auto-populate the recipient’s email address from the address book. Too busy typing a quick note, he doesn’t confirm that he’s sending it to the right person. But Smith, John is a divorce attorney and Smithson, John is a client at a dental firm. They should not be getting each other’s filings!