Cyberattacks every lawyer should recognize by name

Jonathan Perez
A single email can undo years of client trust. One click on the wrong link can put privileged documents in the hands of someone halfway around the world. When that happens, the damage is immediate. Cases collapse, reputations suffer, and recovery becomes costly.
Lawyers are prime targets because of what they hold. Client records, financial data, confidential communications, and privileged strategies often have as much value on the black market as they do in court. The pace of legal work, with its tight deadlines, repetitive workflows, and reliance on trusted communication, creates ideal openings for attackers.
These threats are not rare or limited to large firms. They are everyday hazards, ready to strike while drafting a motion, closing a deal, or checking email in an airport lounge. Understanding cyber-attackers’ tactics, knowing the types of attacks, and recognizing warning signs is the first step toward preventing a breach that can upend a practice.
Phishing / Whaling
Phishing is a fraudulent message disguised to look legitimate, designed to trick the recipient into clicking a malicious link or surrendering sensitive data. Whaling is phishing aimed at high-value targets, impersonating senior leaders to increase pressure and credibility.
Example: A junior associate gets an email that appears to be from the managing partner: “Wire $42,000 to this account before 3 p.m. to settle the deal with the client. I’m boarding a flight. Don’t delay.” The formatting matches firm emails exactly, except for a single letter in the sender’s address. Without noticing, the associate initiates the transfer, only to find out later it went straight to a criminal’s account.
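The one-letter sender mismatch in the scenario above is the kind of thing a mail filter can catch. The following is an added example, not part of the original column: it parses the From: header of a message and flags sender domains that are within a couple of character edits of the firm's own domain. The firm domain and the sample headers are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed firm domain for the example; a real filter would use the firm's own.
FIRM_DOMAIN = "examplefirm.com"


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_sender(from_header: str, firm_domain: str = FIRM_DOMAIN) -> str:
    """Classify a From: header as 'internal', 'lookalike' or 'external'.

    A lookalike is a sender domain that is not the firm's domain but is within
    two edits of it: one dropped, added or swapped letter is enough to pass a
    quick glance, which is exactly what the wire-transfer scenario relies on.
    """
    _display_name, addr = parseaddr(from_header)
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    if domain == firm_domain:
        return "internal"
    if 0 < edit_distance(domain, firm_domain) <= 2:
        return "lookalike"
    return "external"


# Constructed sample headers modelled on the wire-transfer scenario.
SAMPLES = [
    "Managing Partner <mpartner@examplefirm.com>",   # genuine firm address
    "Managing Partner <mpartner@examplefirm.co>",    # one letter dropped
    "Managing Partner <mpartner@examplefirrn.com>",  # 'm' written as 'rn'
    "Court Clerk <clerk@flcourts.example>",          # unrelated external sender
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(f"{check_sender(header):10} {header}")
```

A filter built on this check would warn on, or quarantine, "lookalike" results rather than silently delivering them alongside genuine internal mail.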
Trojan Malware (via Email)
A trojan is malicious software hidden in a file that looks harmless, such as a PDF, Word document, or spreadsheet. Opening it can give attackers access, install ransomware, or create a backdoor for later entry.
Example: An attorney receives an email from a “potential client” with a PDF engagement letter attached. The document opens blank. Minutes later, the computer slows, files vanish, and IT discovers the trojan has already sent the firm’s case files and email archives to an offshore server.
Brute Force Attack
A brute force attack uses automated tools to guess passwords through rapid-fire combinations, often targeting credentials exposed in past data breaches. Accounts protected by weak or reused passwords are especially vulnerable to this kind of attack.
Example: A paralegal uses the same password for their bar association login and the firm’s portal. When the bar’s database is hacked, attackers use their credentials to log into the firm’s system and download confidential case files before anyone notices.
Session Hijacking
Session hijacking occurs when an attacker steals a user’s “session token,” an identifier used by websites to indicate that the user has already logged on and does not need to enter a password again. Public Wi-Fi is a common hunting ground for this kind of attack.
Example: At a coffee shop, an attorney logs into the firm’s cloud drive without a VPN. A hacker on the same network intercepts the session token and spends the afternoon pulling client documents, billing records, and privileged emails — undetected until it’s too late.
Jonathan Perez is a 3L at Ave Maria School of Law with an IT background and a Cisco Certificate in Ethical Hacking. This column is presented by The Florida Bar Cybersecurity & Privacy Law Committee. The information provided is for general informational purposes only and does not constitute legal advice. Attorneys should conduct their own analysis and consider all relevant facts and circumstances for their clients’ specific situations.