New Targeted Phishing Campaign Aimed at Law Firms

Our cybersecurity team is tracking a new, highly targeted phishing campaign specifically going after law firms and legal professionals. These attacks are designed to trick recipients into opening fake voicemail messages that secretly install malicious code on their computers.

How the Scam Works

Victims receive an email that looks like a legitimate voicemail notification, often with a message like “You have an expired voicemail” or “New message waiting.”When the link or attachment is opened, it downloads a hidden file that begins installing harmful software behind the scenes.

Once activated, this malicious software:

• Scans the computer and network for sensitive information.

• Maps out connections to servers and other computers.

• Attempts to move deeper into the firm’s systems to access confidential data.

• Connects to external hacker-controlled servers to send stolen data and receive new commands.

This type of attack goes well beyond a typical phishing email. It is a carefully planned intrusion that can give cybercriminals long-term access to your firm’s systems and client data.

Why Law Firms Are Being Targeted

Law firms are a goldmine for cybercriminals. You handle sensitive financial records, legal documents, and client information, all of which can be exploited or sold.This campaign shows that attackers are becoming increasingly sophisticated, using realistic lures and advanced tools to bypass traditional antivirus protections.

What You Should Do

To protect your firm from these targeted attacks, our cybersecurity experts recommend:

1. Be suspicious of unexpected “voicemail” or “message” emails.If you weren’t expecting a voicemail, don’t open it or click any links.

2. Hover before you click.Always check the sender’s email address and hover your mouse over links to verify the real URL.

3. Never download unfamiliar attachments.Even if it looks like a simple audio file or voicemail message, it could launch malicious code.

4. Report suspicious messages immediately.Alert your IT or cybersecurity team so they can block similar threats across the firm.

5. Schedule a cybersecurity review.Shield IT Networks can help identify weak spots and ensure your network and staff are fully protected.

Cyber threats are evolving every day, and law firms continue to be top targets. Taking proactive steps now can help prevent costly breaches and protect both your clients and your firm’s reputation.

👉 Schedule a high-level discovery call with one of our cybersecurity specialists today.