This article appeared in Cybersecurity Law & Strategy, an ALM publication for privacy and security professionals, Chief Information Security Officers, Chief Information Officers, Chief Technology Officers, Corporate Counsel, Internet and Tech Practitioners, In-House Counsel. Visit the website to learn more.

Consider this scenario: You’re a law firm accountant. Early one morning while reviewing emails, you see a message from the firm’s real estate agent stating that the landlord has agreed to your latest counteroffer and is ready to move forward on the rental of your new office space. You continue discussions to finalize the deal, work on signing the paperwork and are ready to send over your deposit. At the last minute, a new email from the agent mentions changing banks and encloses updated wiring instructions. The email conveys a sense of urgency: send the information quickly or the deal may fall through. Looking at the email, it appears legitimate, and you’ve done two other deals with this agent in the past, so you feel comfortable with the request. You reply to the message confirming the change, and the response says to move forward. And all appears well.