The Victorian firm thought to have been affected by the latest cyber security assault has hosed down the assertion made by one of its personnel that an email phishing scam is connected to last week’s global cyber incident.
Victoria-based personal injury firm Zaparas Lawyers provided a statement on Friday, confirming that it had not been caught up in the ransomware attack.
The firm said that in the same week as the global cyber assault, one of its company email addresses had been used in a phishing attempt to scam contacts.
“We would like to confirm that Zaparas Lawyers have not in any way been affected by any virus in the past 24 months.
“In regards to the events that occurred on 27 June 2017, an employee at Zaparas Lawyers email address was used to send out a phishing attempt. This incident does not relate in any way to the WannaCry or Petya virus that have been reported in Europe and other parts of the world,” the statement said.
Hackers use phishing as a way to obtain sensitive information, such as passwords or banking details, and to gain access on secure accounts.
Phishing scams are often disguised by a seemingly legitimate webpage or portal, which prompts users to enter personal details and tricks them to provide usernames and passwords to gain entry.
Ransomware attacks however, like last week’s assault which rapidly hit individuals and organisations across 150 countries including global law firm DLA Piper, are different. This attack uses malicious software as a way to prevent access to files. The ransomware threatens that encrypted files will not be decrypted unless a ransom is paid.
Following the dissemination of the offending email from Zaparas Lawyers that was linked to the phishing scam, a member of staff followed up with an apology email to recipients.
In that email the staff member provided an apology and an explanation which incorrectly identified the phishing scam as being part of last week’s global cyber attack.
“The email that was distributed by a Zaparas Lawyers staff member mistakenly attributing the phishing scam email to the global cyber attack should not have been distributed as it was factually incorrect and linked together two events that were not related,” the firm said.
“When we were made aware of the email breach on 27 June 2017, investigations by our IT provider allowed us to very quickly identify that the phishing scam email did not relate to the global cyber attack.”
Zaparas Lawyers added that the email sent containing the phishing attempt had no effect on the operations of the firm’s system and resulted in no downtime.