The person claiming to be IT support may be the cybersecurity incident. A receptionist is told that a technician has arrived to fix an attorney’s laptop before a filing deadline. The technician appears calm and says the visit will take only a few minutes. In an IT support impersonation attack on law firms, that ordinary moment is when verification matters, before someone reaches a device containing client correspondence, draft pleadings, settlement records, or billing information.

Most support requests are legitimate, and staff need technical help without delay. The problem arises when an unexpected caller or visitor relies on urgency and professional appearance to gain access before the firm confirms who sent them and what they intend to do.

LLM Summary

- Law firms should verify unexpected physical or remote IT support requests before granting device access. - Impersonation attempts can involve fake technicians, remote access tools, or requests to insert storage devices. - Staff should use a known support channel, not contact details supplied by the visitor or caller. - Managed IT support gives the firm a clear verification route when urgent requests appear during a busy legal workday.

What the FBI Reported About Silent Ransom Group and Law Firms

In a Private Industry Notification dated 23 May 2025, the FBI warned that Silent Ransom Group, also known as Luna Moth, Chatty Spider, and UNC3753, targeted law firms using information technology-themed social engineering calls. The FBI reported that the group sent an individual posing as an IT support employee to access a computer in person and insert a storage device to steal sensitive data for extortion.

The FBI also described activity in which a victim was directed to call about a false subscription charge, then sent a link that downloaded remote access software. After obtaining access, the attackers sought information to remove from the victim’s system and later issued ransom demands threatening to sell or publish stolen data.

The FBI identified unsolicited calls from people claiming to work in a law firm’s IT department, unauthorized people attempting to access computers while claiming to be IT support, and unauthorized downloads of remote access tools as possible indicators. These signs do not prove an attack, but each gives staff a reason to pause and verify the request.

Why a Fake IT Support Request Can Seem Ordinary

Law firm technology problems often appear urgent. An attorney may be preparing an electronic filing, retrieving a signed settlement document, joining a client call from a malfunctioning laptop, or accessing files while traveling. A person offering a quick fix can appear helpful when staff are trying to prevent delay.

The requested access may expose more than the immediate computer problem. A storage device can be used to remove files, while unapproved remote access software can let someone outside the firm view or copy material after the call ends. Verification should therefore be part of ordinary support, rather than a response reserved for an obvious threat.

What to Verify Before a Technician Touches a Computer

When an individual arrives claiming to be from IT support, staff should keep that person away from workstations and restricted areas until the visit is confirmed. Reception or office administration should contact the firm’s designated IT contact through a phone number, portal, or email address already held by the firm, rather than using details supplied by the visitor.

The firm should confirm the technician’s name, the represented company, the person who authorized the visit, the device involved, and the planned task. If the request includes inserting a storage device, taking custody of a laptop, or connecting equipment to the network, that detail should be specifically approved before work begins.

A visitor who cannot be verified should not inspect a device, access an office, or wait beside an unattended computer. Staff should record the date, time, name used, stated purpose, and any equipment involved, then escalate the approach promptly to the administrator, managing partner, or designated IT contact.

What to Verify Before Remote Access or Software Installation

An unexpected call from someone claiming to be in IT requires the same process, even when the caller knows the employee’s name or computer issue. Staff should end the call, then contact their known IT support channel to confirm that a support request exists and the named person is assigned to it.

Employees should not install remote access software, follow links, disclose authentication codes, or approve screen sharing solely because a caller describes the matter as urgent. The same rule applies when an attorney is travelling or concerned about a deadline, because the files exposed could include client identity documents, confidential emails, or filing materials.

If the request cannot be verified, employees should preserve relevant call details, voicemail messages, emails, and links, then report the incident internally. Prompt escalation gives the law firm and its IT contact an opportunity to review whether anyone else received a similar approach or approved access.

A Verification Procedure Staff Can Follow During a Busy Day

A practical policy should tell every staff member how IT identifies itself, how unexpected requests are checked, and who may approve physical device access or remote support. The FBI recommended that firms develop and communicate policies on how the company IT authenticates itself to employees, verify credentials for people entering firm spaces, maintain regular backups, and implement two-factor authentication for employees.

Staff needs a known telephone number or ticketing channel, a rule that unscheduled physical and remote access remain on hold until confirmed, and an internal contact for suspicious requests. Training should include attorneys and senior staff, because travel, hearings, and filing dates can lead any employee to approve a request too quickly.

How Law Firm Managed IT Support Helps Staff Confirm Requests

Law firm managed IT support can give employees a defined verification route before they allow a technician to touch a device or a caller to connect remotely. Instead of relying on appearance or urgency, a staff member can contact the known provider channel and ask whether the visit, software instruction, or remote session was authorized.

AKAVEIL TECHNOLOGIES provides managed IT support for law firms and can help establish a practical support relationship shaped around the firm’s work. That relationship does not prevent every social engineering attempt, but it gives staff a known place to confirm instructions before access is provided.

FAQs

Should staff allow an unexpected technician to access a computer?

No. Staff should first verify the visit through a known firm-approved IT contact or support channel before allowing any access to devices or restricted areas.

What should employees do if a caller asks them to install remote access software?

Employees should pause, end the call if needed, and confirm the request through the firm’s known IT support channel before installing software or approving screen sharing.

Why are law firms vulnerable to IT support impersonation?

Law firms often operate under deadline pressure, and attackers can use urgency, professional appearance, and technical language to make an unexpected request seem routine.

Discuss Managed IT Support for Your Law Firm

An IT support impersonation attack on law firms can begin with a request that seems routine enough to approve quickly. A written verification process, staff awareness, and a known support channel help the firm respond without allowing office pressure to override access controls.

To discuss law firm managed IT support and verification procedures, contact AKAVEIL TECHNOLOGIES by calling 833-571-2652, writing to info@akaveil.com, or visiting akaveil.com.

IT Support Impersonation Attack on Law Firms: What Staff Should Verify Before Granting Access