"You've got a pay rise...Not really! Joke's on you!"
Delight turned to anger at Knights after lawyers were sent emails awarding them pay rises which turned out to be a phishing test.
A recent round of pay reviews at the listed firm went down “very poorly” according to insiders, who told RollOnFriday that many partners received zero uplift while numerous other lawyers received “tiny percentages on already way-below-market rates”.
So the jubilation was palpable when staff received emails purporting to be from Knights’ HR team acknowledging that a review had determined that they were in fact entitled to a substantial pay rise.
“After assessing the current salary structure as provided under the terms of your employment, it was discovered that you are due for a [double digit percentage] annual salary increase beginning in the upcoming fiscal quarter”, stated the email from [email protected].
“The details of your salary increase are enclosed in the attached document”, it read, requesting that recipients check the document to confirm the details were correct.
But when they opened the attachment, they were informed that the email was fake, and warned that they had fallen for the kind of phishing scam which, if it had been the work of cybercriminals, could have resulted in the theft of sensitive information.
It might have been better for everyone if the exercise had been the work of scammers. The awareness test went down “like a lead balloon” and prompted “strongly worded emails, partners threatening to leave and incredulity”, according to a source.
It was tempered with amusement amongst some Knights staff who didn’t find it “remotely surprising” that management could “misread the room to such an extent”.
A spokesperson for Knights was unapologetic for trolling their own staff, telling RollOnFriday, “We take cyber security very seriously so engage a number of third party providers to guard against continually evolving threats. Our phishing campaigns are run by a third party provider, which bases its scenarios on the phishing attempts that are prevalent currently, to make them as realistic as possible. Unfortunately, they are seeing a rise in phishing attempts based on pay rises and this prompted the theme of this campaign”.
Comments
Tell me you have no awareness without telling me you have no awareness.
Lawyers should not be managers. Simple.
Bunch of Shights.
Wow, they really doubled down with the slap in the face with the spokesperson's comment.
ROF - Why don't you give the spokesperson's name?
That is very funny.
Dave Brent thinks of a wonderful phishing lesson for the employees after reading a little more from a self-help management book he picked up at the airport.
Watch the hilarious capers unfold as Brent again fails to read the room and demonstrates why nobody should ever consider joining his hapless company.
Serves you right for opening a phishing email, to be fair.
Cybercriminals don't "read the room" they send you whatever is most likely to get you to click the infected link.
Which, if you're a desperate underpaid associate wasting their life at a dreadfully managed provincial firm which you should have left a year ago, is an email telling you that you're going to be paid marginally more than your current pitiful wage.
The day Knights inevitably collapses like Ince and Plexus will be a brilliant day
I blame the staff for believing that Knights would give them a decent pay rise.
D*ck move. Even the NCSC says this type of phalse phishing exercise shouldn't be undertaken as it very hard for the recipient to know if the email is fake or not.
What was the idea here? That Knights' staff should have known it as fake as their firm would never give them a proper pay rise?
Controlling behaviour takes a number of forms.
Get out now.
"it very hard for the recipient to know if the email is fake or not"
That's the point you muppet.
It's to teach you to spot fake emails, which is hard unless you've learned how.
I hate to break it to you, but cybercriminals don't label their attempts to steal the contents of the client account with banners reading "This is a scam. Only click the link if you want to lose a few million quid, suffer enormous reputational harm, and spend several weeks telling the SRA all about it".
But why not pick a topic that isn’t obviously going to be a massive sore point?
There must be plenty that people would still click on.
‘Client conflict alert’
’New office entry procedures - important’
‘Latest acquisition announced’
’Job losses imminent’ ok maybe not that one
Colossal mistake by HR and leaders (they can blame each other when the dust settles).
Yeah, technically scams can use all sorts of scenarios but choosing to use one based on a false pay rise - especially 10% plus - in this climate - with the reputation of this particular firm - is just reckless - and not pausing to think about the impact and disappointment this will have on staff. Expect plenty of complaints and people coming to their senses by leaving.. or maybe that is the point?
So which manager has the balls to fess up to this f* up?
The only good thing about working at Knights is that I get a strong sense of satisfaction of knowing that I don't work at Skaddens.
They make you come in to the office there you know. And they only give you £200k to make up for it.
Barbaric stuff.
They won't be able to get the staff for much longer. You'll see!
Surely the staff should have known that their pay would not be increased as Knights has to maintain its dividend to prevent its share price collapsing again.
Poirot would not have been fooled and would have sent an email to management saying something like;
”You are trying to bulls*it Poirot. You are a greedy unprincipled bas*ard who would never award generous pay rises leading me to conclude, this email is a scam”
Next phishing email:
"The management team have decided to repay staff the 10% taken from their salaries without consent during the first Covid-19 wave. In addition we will no longer be providing Dominos pizza in lieu of bonuses and pay rises as we are a listed law firm and not a branch of Sports Direct. Please click the link to acknowledge receipt."
@Anonymous 09 June 23 10:29
>Even the NCSC says this type of phalse phishing exercise shouldn't be undertaken as it very hard for the recipient to know if the email is fake or not.
No. This was not hard. The sender was, as the article notes, "[email protected]". In that respect it was easier than the phishing attempts that use internal looking addresses. The scenario was realistic as the volume of anger proves. Phishers always aim to tap into hot topics and salary rises is a low hanging fruit we all know will be opened with (too) great haste.
We have the fake headhunter mails. But the fishing tests are always Fridays between 6-7pm.
So cyber crims read ROF to better reach their targets. That's the sort of thinking a firm like Knights could use...
Of all the choices in the world to use, this is amongst the worst. They did it I imagine to get people to read it, but there are better ways. For example, “click here if you want a free lunch voucher” would have similarly triggered interest without the dire consequences. Totally tone deaf.
@5PQE I, for one, cannot wait to see that day and it'll be well deserved
Not only is this just ridiculous, only absolute idiots and dinosaurs think that sending your staff a fake phishing email is a good idea.
All of those suffering from Stockholm Syndrome will believe that they all consented to the 10% pay deduction at the start of Covid. Even those who made that decision and know it to be a lie, have convinced themselves it’s true. So much so that they unflinchingly make such false claims in Employment Tribunal proceedings.
Soon they will all conclude that the phishing email was the right thing to do and it was for their own good. And so it goes on and on.
Two dreadful stories about Knights in RoF on the same day! Both stories show a complete lack of self-awareness on the part of those running the business. This is not a firm I would ever instruct, sell to, or want to join.
Fantastic work from Big Dave. For his next phishing extravaganza, he’ll be sending a firmwide email to offer lucky staff a virtual tour of his mansion and 24ct gold cufflink collection.
At least they are consistent.
We’ve had stories like this coming out for about 4 or 5 years now.
Just leave as soon as you can. It will not get better.
Completely unacceptable. Have they no idea how many bills people have to pay, even childcare alone can be £20,000 a year per baby. A pay rise is not something to mess around over.
Am I booked for next year?
Next phishing email:
You can all eat French Fries now.
Eating FF on any Knights site is verboten. Weird.
Pretty sure they sent a phishing email asking for feedback on how it was to work for Knights a few months ago…
so, lawyers should look out for; typos, incorrect email addresses, notes of urgency and messages about decent salary increases and requests for feedback that might actually lead to improvements at Knights, as these things probably suggest a scam
fortunately, I realised they would never want to hear feedback so I promptly forwarded on to IT to show them I knew it must be a hoax and claim my golden star/turd
Law firms are the absolute pits. So glad I don’t work in one anymore!
Appalling
The gift that just keeps on giving.
A bottomless pit of comedy.
What joy will this hapless bunch bring to the masses, next?
Now remember you’re not allowed to eat in the office!
@regional firm’s fake phishing email 09 June 23 12:35
Not only is this just ridiculous, only absolute idiots and dinosaurs think that sending your staff a fake phishing email is a good idea.
Would you have preferred a genuine phishing email?
I am genuinely puzzled by this. The email address seen in that pic is clearly fake. There is this warning in bold that the msg originated outside of Knights. And yet people open the attachment?
I guess this story only highlights how easy it is to phish lawyers!
This just goes to show the lawyers' attention to detail there is zero, and then moan when caught.
I for one wouldn't instruct them.
Well done to the IT/HR teams, I think it was genius.
Wombles asks Knights to take it over to sort its culture out.
@Hobbes 11 June 23 07:19
And the calibre of lawyers which Knights produces / retains…
@Anonymous 09 June 23 11:23
‘No. This was not hard. The sender was, as the article notes, "[email protected]". In that respect it was easier than the phishing attempts that use internal looking addresses. The scenario was realistic as the volume of anger proves. Phishers always aim to tap into hot topics and salary rises is a low hanging fruit we all know will be opened with (too) great haste’.
Hope you’re not the HR person behind this - but if you are - you’re still missing the point. You might technically be right in that scammers will try to mimic realistic situations but by doing this, you are showing the firm has FA knowledge about employee relations.. or kindness. Seriously, WTF.
The fallout might in fact be less serious if this had been a real scam. In that situation, you’d take a financial hit but would still have employees behind you..
@Hobbes 11 June 23 07:19
HR and benefits are often external services so a non-firm email wouldn’t be surprising for this kind of thing. What’s more, standard spam filters should mean that this kind of email from wide can only come from a legit source - so even more reason for staff to not suspect it.
What a sh’’show!!
Comms re benefits, pension etc all come from an external email like this. Cruel topic to choose to test staff, why not use “urgent - entry to building procedure”. A lot of the support staff are on minimum wage, lateral hires, lawyers don’t get pay rises for years. I get the economics but this was just cruel. Remember the old adage of wages = 3 times fee income, it’s more like 7 here for existing staff. Some really good lawyers and staff at Knights, who they don’t deserve!!!!
To @10:40 and the other amateur cyber security experts out there, read "I'm gonna stop you, little phishie..." by the NCSC.
Until then please keep your over-confident but ill-informed views to yourself.
I can see the briny water already lapping over the top of Knights' deck
That share price remains scabby. No matter what they do, they can’t get it back over a £.
The market knows it’s a scabby dog.
Well done law firm for putting security front and centre regardless of sensitivities or timing. Better doing it this way than an annual online course we all just click through at speed.
phishing is supposed to trick/hook you like this.
@@@ Anon 15 June 23 14:31
Get some perspective.
This isn’t a sensitivity issue.
This is like choosing a fake payrise or promotion email on 1 April to use as an April fool’s joke. It’s thoughtless. It’s reckless. And it’s unnecessarily antagonistic.
If you, HR or anyone else fails to see that, please make sure you are NEVER in a position to manage someone else. You’re a walking claim waiting to happen.
@Out of touch 11 June 23 17:58
>Hope you’re not the HR person behind this - but if you are - you’re still missing the point. You might technically be right in that scammers will try to mimic realistic situations but by doing this, you are showing the firm has FA knowledge about employee relations.. or kindness.
I am not in HR but 20 years ago I had a short stint in security. Phishing is only and I am deeply concerned to see highly trained people fall for a rather blatant attempt. Phishing does not follow any gentlemen's agreement, rather they are often Russian operations. In fact, the whole doubling down seen here makes me wonder how many have fallen for genuine scams already.