• Mail
  • Linkedin
  • Twitter
Hire Us
Law and Forensics
  • Home
  • Products
  • Services
    • Cybersecurity Services
      • Assessments
      • Board Consulting
      • Data Governance
      • Due Diligence
      • Financial Institutions
      • Incident Response
      • Investigations
      • Privacy
      • Tabletops
    • eDiscovery Services
      • Consulting
      • Data Preservation
      • Expert Witness
      • Training Practice
    • Forensic Services
      • Cloud Computing
      • Consulting
      • Expert Testimony
      • Internet of Things
      • Investigations
      • Mobile Device
      • Dispute Resolution Services
      • Social Media
      • Server Forensics
  • Insights
  • About Us
  • Search
  • Menu
  • Spearfishing Can Be Stopped Once You Remove The Bait

    INSIGHTS

Law360

Spearfishing Can Be Stopped Once You Remove The Bait

November 29, 2018

By Daniel B. Garrie and Yoav M. Griver

Spearfishing Can Be Stopped Once You Remove The Bait

Spearfishing, whaling, fishing, and all other variations of email scam are plaguing law firms,
businesses (big and small), and any company or individual who uses email.  What is driving this epidemic? The irresistible desire to reply to an email. Irrespective of the defenses deployed – be it software,  controls, tests, and policies – the pull of human nature wins much of the time.

To drive this point home, one needs to look no further than the report issued on October 16, 2018, by the United States Securities and Exchange Commission (“Commission”).  The report summarizes the results of an investigation the Commission had conducted into nine public issuers who were each the victim of cyber-related frauds, totaling more than $100,000,000. The Commission correctly did not fault the victims, but it did note that situation may be symptomatic of a potential larger risk facing companies. The Commission did not find that these companies had done nothing, in fact, the nine companies investigated by the Commission, for example, all “had procedures that required certain levels of authorization for payment requests, management approval for outgoing wires, and verification of any changes to vendor data.” The report demonstrates that spearfishing is rampant today and that the current controls, training, and software are falling short.

It is impossible for companies, large or small, to reduce or eliminate 100% of spearfishing. This is because spearfishing targets human vulnerabilities, as opposed to technical vulnerabilities. Spearfishing preys on the reality that employees are overworked and overwhelmed in the workplace and often react without thinking, in derogation of training and procedure. Employees get tired; employees get tempted to respond to emails quickly to look good; and sometimes life just happens – an employee wants to get to their kid’s soccer game and misses the spoofed email address they are replying to on Friday at 4pm.

To read the full article, go to Law360

Insights

  • I Could Be Prosecuted for Paying Ransomware Ransom! How is that Possible?
  • Best Practices for Remote Advocacy During the Pandemic
  • Mastering Complex Cases: Effective Use of Special Masters in Complex Civil Cases
  • The COVID-19 Impact on Arbitration & How To Navigate Virtual Proceedings
  • Arbitration During A Global Pandemic: How to Properly Leverage Zoom and Similar Platforms to Conduct Arbitration Hearings
  • Employer Best Practices for Monitoring Remote Devices
  • Here’s Why Your Employer May Monitor Your Personal Files On Company Devices
  • Customizing Traditional Models of Mediation to Work in Today’s Covid-19 Environment
  • A Keystroke Causes a Tornado: Applying Chaos Theory to International Cyber Warfare Law

Newsletter

Contact Us

Contact Us
Sales Inquiry
​Press Inquiry
​Speaking Inquiry
Job Inquiry

CYBERSECURITY PRACTICE

Assessments
Board Consulting
Data Governance
Due Diligence
Financial Institutions
Incident Response

Investigations
Privacy
Tabletops

EDISCOVERY PRACTICE

Consulting

Data Preservation
Expert Witness

Training Practice

FORENSICS PRACTICE

Cloud Computing
Consulting
Expert Testimony
Internet of Things
Investigations
Mobile Device
Dispute Resolution Services
Social Media
Server Forensics  

ARTICLES

Browse All Articles

LECTURES

Browse All Lectures

RESOURCES

About Us
Events
Search

Law & Forensics © 2020. All Rights Reserved
  • Privacy Policy
  • Legal Notices
Scroll to top

This site uses cookies. By continuing to browse the site, you are agreeing to our use of cookies.

OKLearn more

Cookie and Privacy Settings

How we use cookies

We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.

Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.

Essential Website Cookies

These cookies are strictly necessary to provide you with services available through our website and to use some of its features.

Because these cookies are strictly necessary to deliver the website, you cannot refuse them without impacting how our site functions. You can block or delete them by changing your browser settings and force blocking all cookies on this website.

Google Analytics Cookies

These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.

If you do not want that we track your visist to our site you can disable tracking in your browser here:

Other external services

We also use different external services like Google Webfonts, Google Maps and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.

Google Webfont Settings:

Google Map Settings:

Vimeo and Youtube video embeds:

Privacy Policy

You can read about our cookies and privacy settings in detail on our Privacy Policy Page.

Privacy Policy