|Purpose:||To provide guidance for barristers on the potential internet security risks associated with social engineering (phishing) and domain name hijacking|
|Scope of application:||All practising barristers and chambers|
|Issued by:||The Information Technology Panel|
|Status and effect:||Please see the notice at the end of this document. This is not "guidance" for the purposes of the BSB Handbook I6.4.|
It is unfortunately common nowadays for criminals to use what are known as social engineering attacks to obtain personal information which they can use for their own purposes. There are various types of attack: making a telephone call to find out seemingly innocuous information (don’t give the information, just say you’ll call the bank/whoever directly to confirm it, and use the number on your statements!); sending those enticing e-mail invitations inviting us to help recover large amounts of money, providing we give the recipient our bank details; and bogus web sites that look like the online bank or online service we always deal with, but are, in fact, collecting all our passwords and identity details in order to enable the malefactor to access bank or credit card accounts, or other information. We may be familiar with these modes of attack, and the software vendors do try to make it more difficult for attackers to spoof a web site, for instance.
Download: Internet security:Download ( PDF )
This document has been prepared by the Bar Council to assist barristers on matters of information security. It is not “guidance” for the purposes of the BSB Handbook I6.4, and neither the BSB nor bodies regulating information security nor the Legal Ombudsman is bound by any views or advice expressed in it. It does not comprise – and cannot be relied on as giving – legal advice. It has been prepared in good faith, but neither the Bar Council nor any of the individuals responsible for or involved in its preparation accept any responsibility or liability for anything done in reliance on it. For fuller information as to the status and effect of this document, please see here.