Queensland Law Society

Phishing scams using missed calls

The basis of a phishing scam is simple. The idea is to get you to enter your password or to click a malicious link. This remains the number one way criminals target law firms.

A recent method (successfully employed against a number of law firms) takes the form of a missed call message purportedly from Microsoft. 

The target is the firm’s Office 365 email account, a favourite for cybercriminals. An example appears below, but variants appear regularly.

The golden rule: any link that asks you to enter your own email password is suspicious. Do not follow links in emails or SMS without checking them carefully. An attachment may require a password to open it, but this password will NOT be your own email credentials.



For more information about basic identification of phishing emails see the Lexon free online cyber training. If you have not already done so, it is worth the half an hour it will take to complete (Lexon insured firms only).

To prevent malware successfully attacking your system you should always use the most up-to-date versions of operating systems, browsers and other software. Most of the vulnerabilities used have already been identified and fixed in the latest versions.