Threat Actors Target Law Firms and Small Businesses with Impersonation Attempts: What to Look For

The NJCCIC received an uptick in reports of cyberattacks targeting law firms and small businesses. Threat actors may claim to be a construction company, supplier, or other specialty contractor seeking legal services. In one example, the threat actor included several red flags and conflicting information, such as an incorrect mailing address, email information, and website. At first glance, however, these red flags are inconspicuous and may go unnoticed. Further analysis revealed additional red flags, such as a .org top-level domain (TLD) typically used for nonprofit organizations, and the newly established website included multiple redirects and missing characters – a tactic often used by threat actors to impersonate a legitimate website. This website was able to bypass basic antivirus software, likely due to its recent creation.
Small businesses such as law firms are increasingly targeted by threat actors with the intent to gain access to the vast amounts of sensitive information they manage. A successful cyberattack may allow threat actors to gain access to internal networks and databases in attempts to commit further nefarious activity, such as ransomware , attacks, fraud, and theft. As a reminder, common red flags include misspelled email domains and websites, missing characters, and newly created website URLs. Users can quickly check website validity using trusted open-source tools such as VirusTotal,, MXToolBox, IPQualityScore, and the Any.Run sandbox; though, scans are publicly available and, therefore, users should avoid uploading internal files unless the user has a private account.