knights laugh

"You've got a pay rise...Not really! Joke's on you!"


Delight turned to anger at Knights after lawyers were sent emails awarding them pay rises which turned out to be a phishing test.

A recent round of pay reviews at the listed firm went down “very poorly” according to insiders, who told RollOnFriday that many partners received zero uplift while numerous other lawyers received “tiny percentages on already way-below-market rates”.

So the jubilation was palpable when staff received emails purporting to be from Knights’ HR team acknowledging that a review had determined that they were in fact entitled to a substantial pay rise. 

“After assessing the current salary structure as provided under the terms of your employment, it was discovered that you are due for a [double digit percentage] annual salary increase beginning in the upcoming fiscal quarter”, stated the email from [email protected].

“The details of your salary increase are enclosed in the attached document”, it read, requesting that recipients check the document to confirm the details were correct.

But when they opened the attachment, they were informed that the email was fake, and warned that they had fallen for the kind of phishing scam which, if it had been the work of cybercriminals, could have resulted in the theft of sensitive information.

It might have been better for everyone if the exercise had been the work of scammers. The awareness test went down “like a lead balloon” and prompted “strongly worded emails, partners threatening to leave and incredulity”, according to a source.

It was tempered with amusement amongst some Knights staff who didn’t find it “remotely surprising” that management could “misread the room to such an extent”.

A spokesperson for Knights was unapologetic for trolling their own staff, telling RollOnFriday, “We take cyber security very seriously so engage a number of third party providers to guard against continually evolving threats. Our phishing campaigns are run by a third party provider, which bases its scenarios on the phishing attempts that are prevalent currently, to make them as realistic as possible. Unfortunately, they are seeing a rise in phishing attempts based on pay rises and this prompted the theme of this campaign”.


LawyerUp lets top firms contact your app, without middlemen, when they like you for a vacancy. Tap to take it further, or to dismiss them. Grab it on the App Store and Google Play.

Tip Off ROF

Comments

Anonymous 09 June 23 09:21

Tell me you have no awareness without telling me you have no awareness.

Anon 09 June 23 09:36

Lawyers should not be managers. Simple.

Anonymous 09 June 23 09:47

Wow, they really doubled down with the slap in the face with the spokeperson's comment. 

ROF - Why don't you give the spokeperson's name?

The Office - The latest script 09 June 23 10:09

Dave Brent thinks of a wonderful phishing lesson for the employees after reading a little more from a self-help management book he picked up at the airport.

Watch the hilarious capers unfold as Brent again fails to read the room and demonstrates why nobody should ever consider joining his hapless company. 

 

Anonymous 09 June 23 10:11

Serves you right for opening a phishing email, to be be fair.

Cybercriminals don't "read the room" they send you whatever is most likely to get you to click the infected link.

Which, if you're a desperate underpaid associate wasting their life at a dreadfully managed provincial firm which you should have left a year ago, is an email telling you that you're going to be paid marginally more than your current pitiful wage.

5PQE 09 June 23 10:14

The day Knights inevitably collapses like Ince and Plexus will be a brilliant day

#oneteam 09 June 23 10:25

I blame the staff for believing that Knights would give them a decent pay rise.

 

Anonymous 09 June 23 10:29

D*ck move. Even the NCSC says this type of phalse phishing exercise shouldn't be undertaken as it very hard for the recipient to know if the email is fake or not.

What was the idea here? That Knights' staff should have known it as fake as their firm would never give them a proper pay rise?

Anonymous 09 June 23 10:39

Controlling behaviour takes a number of forms.

Get out now. 

Anonymous 09 June 23 10:40

"it very hard for the recipient to know if the email is fake or not"

That's the point you muppet.

It's to teach you to spot fake emails, which is hard unless you've learned how.

 

I hate to break it to you, but cybercriminals don't label their attempts to steal the contents of the client account with banners reading "This is a scam. Only click the link if you want to lose a few million quid, suffer enormous reputational harm, and spend several weeks telling the SRA all about it".

Anonymous 09 June 23 10:48

But why not pick a topic that isn’t obviously going to be a massive sore point?

There must be plenty that people would still click on. 

‘Client conflict alert’

’New office entry procedures - important’

‘Latest acquisition announced’

’Job losses imminent’ ok maybe not that one 

Out of touch 09 June 23 10:58

Colossal mistake by Hr and leaders (they can blame each other when the dust settles). 
 

Yeah, technically scams can use all sorts of scenarios but choosing to use one based on a false pay rise - especially 10% plus - in this climate - with the reputation of this particular firm -  is just reckless - and not pausing to think about the impact and disappointment this will have on staff. Expect plenty of complaints and people coming to their senses by leaving.. or maybe that is the point? 
 

So which manager has the balls to fess up to this f* up? 

Anonymous 09 June 23 10:59

The only good thing about working at Knights is that I get a strong sense of satisfaction of knowing that I don't work at Skaddens.

They make you come in to the office there you know. And they only give you £200k to make up for it.

Barbaric stuff.

 

 

They won't be able to get the staff for much longer. You'll see!

Poirot 09 June 23 11:02

Surely the staff should have known that their pay would not be increased as Knights has to maintain its dividend to prevent its share price collapsing again.

Poirot would not have been fooled and would have sent an email to management saying something like;

”You are trying to bulls*it Poirot.  You are a greedy unprincipled bas*ard who would never award generous pay rises leading me to conclude, this email is a scam”

 

Brampton Beaver 09 June 23 11:14

Next phishing email:

"The management team have decided to repay staff the 10% taken from their salaries without consent during the first Covid-19 wave. In addition we will no longer be providing Dominos pizza in lieu of bonuses and pay rises as we are a listed law firm and not a branch of Sports Direct. Please click the link to acknowledge receipt."

Anonymous 09 June 23 11:23

@Anonymous 09 June 23 10:29

>Even the NCSC says this type of phalse phishing exercise shouldn't be undertaken as it very hard for the recipient to know if the email is fake or not.

No. This was not had. The sender was, as the article notes, "[email protected]". In that respect it was easier than the phishing attempts that use internal looking addresses. The scenarion was realistic as the volume of anger proves. Phishers always aim to tap into hot topics and salary rises is a low hanging fruit we all know will be opened with (too) great haste.

Edd China 09 June 23 11:27

But why not pick a topic that isn’t obviously going to be a massive sore point? There must be plenty that people would still click on. 

We have the fake headhunter mails smiley. But the fishing tests are always Fridays between 6-7pm. 

Dearie 09 June 23 11:54

So cyber crims read ROF to better reach their targets. That's the sort of thinking a firm like Knights could use...

Anon 09 June 23 12:06

Of all the choices in the world to use, this is amongst the worst.  They did it I imagine to get people to read it, but there are better ways.  For example, “click here if you want a free lunch voucher” would have similarly triggered interest without the dire consequences.  Totally tone deaf. 

Knights are not #oneteam 09 June 23 12:25

@5PQE I, for one, cannot wait to see that day and it'll be well deserved

regional firm’s fake phishing email 09 June 23 12:35

Not only is this just ridiculous, only absolute idiots and dinosaurs think that sending your staff a fake phishing email is a good idea.  

Gaslighting 09 June 23 13:26

All of those suffering from Stockholm Syndrome will believe that they all consented to the 10% pay deduction at the start of Covid.  Even those who made that decision and know it to be a lie, have convinced themselves it’s true.  So much so that they unflinchingly make such false claims in Employment Tribunal proceedings.

Soon they will all conclude that the phishing email was the right thing to do and it was for their own good.  And so it goes on and on. 

A great advertisement 09 June 23 13:44

Two dreadful stories about Knights in RoF on the same day!  Both stories show a complete lack of self-awareness on the part of those running the business.  This is not a firm I would ever instruct, sell to, or want to join.

 

Former Shights casualty 09 June 23 15:56

Fantastic work from Big Dave. For his next phishing extravaganza, he’ll be sending a firmwide email to offer lucky staff a virtual tour of his mansion and 24ct gold cufflink collection. 

Knights Escapee 09 June 23 16:46

At least they are consistent.

We’ve had stories like this coming out for about 4 or 5 years now. 

Just leave as soon as you can. It will not get better. 

Lydia 09 June 23 18:10

Completely unacceptable. Have they no idea how many bills people have to pay, even childcare alone can be £20,000 a year per baby. A pay rise is not something to mess around over.

Billy Flywheel 09 June 23 18:38

Am I booked for next year? 

Anonymous 09 June 23 18:52

Next phishing email:
You can all eat French Fries now.

Eating FF on any Knights site is verboten. Weird. 

Shout out to my ex 09 June 23 20:59

Pretty sure they sent a phishing email asking for feedback on how it was to work for Knights a few months ago…

so, lawyers should look out for; typos, incorrect email addresses, notes of urgency and messages about decent salary increases and requests for feedback that might actually lead to improvements at knights, as these things probably suggest a scam 

fortunately, I realised they would never want to hear feedback so I promptly forwarded on to IT to show them I knew it must be a hoax and claim my golden star/turd

 

Inhouse 09 June 23 21:00

Law firms are the absolute pits. So glad I don’t work in one anymore! 

The Legend of Throbber Beech 10 June 23 09:16

The gift that just keeps on giving.

A bottomless pit of comedy.

What joy will this hapless bunch bring to the masses, next? 

 

Window blind audit committee 10 June 23 17:15

Now remember you’re not allowed to eat in the office!

Anonymous 10 June 23 18:22

@regional firm’s fake phishing email 09 June 23 12:35

Not only is this just ridiculous, only absolute idiots and dinosaurs think that sending your staff a fake phishing email is a good idea.  

Would you have preferred a genuine phishing email?

 

Hobbes 11 June 23 07:19

I am genuinely puzzled by this. The email address seen in that pic is clearly fake. There is this warning in bold that the msg originated outside of Knights. And yet people open the attachment?

I guess this story only highlights how easy it is to phish lawyers!

Run away 11 June 23 13:15

This just goes to show the lawyers attention to detail there is zero, and then moan when caught.

I for one wouldn't instruct them.

Well done to the IT/HR teams, ithink it was genuis.

Knightinshinningarmour 11 June 23 14:09

Wombles asks Knights to take it over to sort its culture out. 

Anon 11 June 23 16:47

@Hobbes 11 June 23 07:19

And the calibre of lawyers which knights produces / retains…

Out of touch 11 June 23 17:58

@Anonymous 09 June 23 11:23

‘No. This was not had. The sender was, as the article notes, "[email protected]". In that respect it was easier than the phishing attempts that use internal looking addresses. The scenarion was realistic as the volume of anger proves. Phishers always aim to tap into hot topics and salary rises is a low hanging fruit we all know will be opened with (too) great haste’.

Hope you’re not the HR person behind this - but if you are - you’re still missing the point. You might technically be right in that scammers will try to mimic realistic situations but by doing this, you are showing the firm has FA knowledge about employee relations.. or kindness. Seriously, WTF.
 

The fallout might in fact be less serious if this had been a real scam. In that situation, you’d take a financial hit but would still have employees behind you..  

 

Out of touch 11 June 23 18:06

@Hobbes 11 June 23 07:19

HR and benefits are often external services so a non-firm email wouldn’t be surprising for this kind of thing. What’s more, standard spam filters should mean that this kind of email from wide can only come from a legit source - so even more reason for staff to not suspect it. 

What a sh’’show!!
 

 

 

 

Knights HR comms 12 June 23 13:42

Comms re benefits,pension etc all come from an external email like this. Cruel topic to choose to test staff, why not use “ urgent - entry to building procedure” “ . A lot of the support staff are on minimum wage, lateral hires, lawyers don’t get pay rises for years. I get the economics but this was just cruel. Remember the old adage of wages = 3 time fee income, it’s more like 7 here for existing staff. Some really good lawyers and staff at knights, who they don’t deserve!!!! 

Anonymous 12 June 23 14:45

To @10:40 and the other amateur cyber security experts out there, read "I'm gonna stop you, little phishie..." by the NCSC.

Until then please keep your over-confident but ill-informed views to yourself.

Seasick and ready to sink 12 June 23 19:37

I can see the briny water already lapping over the top of Knights' deck 

Blue Horseshoe loves scabby dogs 13 June 23 09:00

That share price remains scabby.  No matter what they do, they can’t get it back over a £.
The market knows it’s a scabby dog.  

Anon 15 June 23 14:31

Well done law firm for putting security front and centre regardless of sensitivities or timing.  Better doing it this way then an annual online course we all just click through at speed. 
 

phishing is supposed to trick/hook you like this. 

 

Out of touch 15 June 23 18:59

@@@ Anon 15 June 23 14:31

Get some perspective.

This isn’t a sensitivity issue.

This is like choosing a fake payrise or promotion email on 1 April to use as an April fool’s joke. It’s thoughtless. It’s reckless. And it’s unnecessarily antagonistic.

If you, HR or anyone else fails to see that, please make sure you are NEVER in a position to manage someone else. You’re a walking claim waiting to happen. 

Anonymous 16 June 23 08:40

@Out of touch 11 June 23 17:58

>Hope you’re not the HR person behind this - but if you are - you’re still missing the point. You might technically be right in that scammers will try to mimic realistic situations but by doing this, you are showing the firm has FA knowledge about employee relations.. or kindness.

I am not in HR but 20 years ago I had a short stint in security. Phishing is only and I am deeply concerned to see highløy trained peopel fall for a rather blatant attempt. Phising does not follow any gentlemen's agreement, rather they are often Russian operations. In fact, the whole doubling down seen here makes me wonder how many have fallen for genuine scams already. 

 

Related News