Practical tips for avoiding Phishing and Sloshing attacks
Jade Davis
Phishing and Sloshing (fraudulent redirection of wire transfers or settlement funds) remain two of the most damaging threats facing lawyers and their clients. Both target trust and timing — two things central to legal practice. A few practical steps can help mitigate these risks:
Phishing Prevention:
- Pause before clicking. Hover over links in emails to confirm legitimacy.
- Use multi-factor authentication (MFA). Even if credentials are stolen, MFA creates an extra barrier.
- Train staff regularly. Phishing tests and awareness campaigns reduce click-through rates dramatically.
- Segregate email accounts. Don’t mix personal and professional accounts across devices.
Sloshing/Wire Fraud Prevention:
- Confirm via phone. Always call known contacts (using a verified phone number, not the one in the email) before changing wire instructions.
- Use secure portals. Avoid sending wire instructions by email; leverage encrypted file sharing instead.
- Adopt dual-approval processes. Require at least two authorized individuals to review and approve transfers.
- Monitor accounts daily. Early detection is often the difference between recovery and permanent loss.
By embedding these steps into daily operations, firms reduce exposure to two of the costliest cyberattack methods.
Jade Davis is a partner, technology, data privacy, cybersecurity, and AI national service line leader with Shumaker, Loop & Kendrick and co-chair of The Florida Bar Cybersecurity & Privacy Law Committee. The information provided is for general informational purposes only and does not constitute legal advice. Attorneys should conduct their own analysis and consider all relevant facts and circumstances for their clients’ specific situations.
