George Molina
It’s probably safe to say that the days of falling for emails from far-off royal princes are behind us. Since then, phishing emails have become more sophisticated, and with the advent of AI, spotting a malicious email isn’t getting any easier.
This is especially true for businesses in Singapore, which consistently rank among the most targeted in the world. Of major concern is the legal industry, which stands out as particularly targeted by email phishing and impersonation attempts due to its handling of client and financial information.
Singapore’s legal bodies are well aware of this too, often putting out warnings like the one below from the Law Society of Singapore about increasing scam attempts targeting firms in the region.
Whether it’s attackers impersonating clients, bosses, or SaaS platforms, staying vigilant has never been more exhausting for legal personnel who already face long work hours and pressing deadlines from clients. Yet, these same lawyers are expected to act as the last line of defence against harmful messages when security measures fall short.
So how did lawyers find themselves in this position? And what steps are being taken to protect an already vulnerable legal workforce?
Lawyers as inbox gatekeepers
It’s no surprise to anyone that lawyers send and receive a lot of emails every day. Law firms know this, and many small to medium-sized firms typically lack the in-house expertise and employ external IT service providers to protect their inboxes from email-based threats.
Despite these measures, the current way most businesses, not just law firms, handle inbox security can involve tinkering with spam filters and forwarding rules. Without the in-house knowledge, however, many firms might not even be aware of whether the IT provider’s strategies are providing adequate protection for what the firm needs. Inevitably, malicious emails still get through, and it’s up to lawyers to make the final choice about whether or not to engage with an email that doesn’t look quite right.
To that end, firms run a variety of exercises in an attempt to arm personnel with the training they need to spot these threats. This can include phishing awareness training where lawyers take precious time out of their crammed schedule to watch a colleague walk through a tired PowerPoint presentation. Another common approach involves sending mock phishing emails to employees in the firm, “testing” individuals to see if they engage. Falling for these fake emails often results in the individual having to receive additional training or, in some extreme cases, risking being fired.
During these training sessions, employees are often told that they are the greatest threat to the organization. When lawyers are often working long hours, across multiple clients and tight deadlines, catching and reporting phishing emails is another job lawyers should not be expected to perform.
With phishing rates continuing to rise, firms' approach to combating email-based attacks is just not effective enough.
Are you who you say you are?
Legal firms should be seeking ways to help their teams focus on the work that matters. Beyond the annual training requirements that get skimmed through anyway, firms can leverage technology-led solutions that look at this problem from a new angle.
What if lawyers could be absolutely sure that every email received was coming from the correct person? Today’s opaque, AI-powered email security overlays tend to flag false positives, and the reality is that a well-crafted phishing email could still reach team members, no matter how much training has been carried out.
Imagine never having to wait for approval after flagging a suspicious client request to the firm’s IT team or having to ring up the client directly to confirm the email came from them. What if lawyers could directly validate an email through an embedded trust mark that confirms it originated from the device and location they are expecting, and not from some far-off prince?
Mailpass has achieved all of this by leveraging what people are, instead of who they say they are. In a recent blog post, we already discussed how Mailpass combats impersonation of company SaaS platforms, but how does Mailpass also protect businesses from attackers pretending to be someone they are not?
We’ve built a business email solution that leverages passkeys, making proving who you are easier and more seamless than ever. With Mailpass, email senders gain the peace of mind that their receivers can trust their email from the moment they hit “send”. At a time when online communication is getting harder to trust than ever before, we believe in a near-future where phishing is not only avoided, but completely eliminated.
Learn more at mailpass.io, or book a demo with us here to see the platform in action.