Big Game Phishing at M&A Law Firms

The Dallas Business Journal reports that dozens of Texas law firms experience data breaches (read the article here). So Mad Max went to Texas and picked one energy-related M&A firm at random. Guess what? They have "p=none" in their DMARC Enforcement arsenal. Which means that some lowly and overworked clerk in the firm could be easily spearphished, and the bad guys could drop a virus right into their systems. Herewith and pursuant to a little patience, the aforementioned "bad guys" could get inside information on M&A activity.

Don't worry. Texas firm Paul Hastings isn't alone. Utah personal injury ambulance chasers Siegfried and Jenson don't have ANY  DMARC set up at all for their email. And since all the gold in California is in M&A land, phishing doors are wide open at Silicon Valley M&A firm Royse Law ( for you hackers too lazy to Google them). Ditto for Hopkins Carley.

Yes, I could go on. But I don't want my blood pressure to skyrocket at the acres of asses in the legal field. So to you BIG PHISHERS, why go after some poor schlub's debit card info when you can make big bucks trading on inside M&A information? By the way, for your ESL miscreants in Russia and Iran, M&A stands for Mergers and Acquisitions. It's such a painless way to make easy money without the risk or expense of pulling up stakes every time you make a chicken shit score on some old lady's four-digit checking debit card. 

Excuse me. I used the term "chicken shit." For you Iranian entrepreneurs, you may call it "pig shit." Yeah, now you know what I mean. Hey, it takes just as much time to steal $3,427 as it does to steal $10 million. Up your game, comrade or Mohammed Whatevertheheck.

Mad "Where are all the good CISOs" Max


Popular Posts