"You've got a pay rise...Not really! Joke's on you!"
Delight turned to anger at Knights after lawyers were sent emails awarding them pay rises which turned out to be a phishing test.
A recent round of pay reviews at the listed firm went down “very poorly” according to insiders, who told RollOnFriday that many partners received zero uplift while numerous other lawyers received “tiny percentages on already way-below-market rates”.
So the jubilation was palpable when staff received emails purporting to be from Knights’ HR team acknowledging that a review had determined that they were in fact entitled to a substantial pay rise.
“After assessing the current salary structure as provided under the terms of your employment, it was discovered that you are due for a [double digit percentage] annual salary increase beginning in the upcoming fiscal quarter”, stated the email from [email protected].
“The details of your salary increase are enclosed in the attached document”, it read, requesting that recipients check the document to confirm the details were correct.
But when they opened the attachment, they were informed that the email was fake, and warned that they had fallen for the kind of phishing scam which, if it had been the work of cybercriminals, could have resulted in the theft of sensitive information.
It might have been better for everyone if the exercise had been the work of scammers. The awareness test went down “like a lead balloon” and prompted “strongly worded emails, partners threatening to leave and incredulity”, according to a source.
It was tempered with amusement amongst some Knights staff who didn’t find it “remotely surprising” that management could “misread the room to such an extent”.
A spokesperson for Knights was unapologetic for trolling their own staff, telling RollOnFriday, “We take cyber security very seriously so engage a number of third party providers to guard against continually evolving threats. Our phishing campaigns are run by a third party provider, which bases its scenarios on the phishing attempts that are prevalent currently, to make them as realistic as possible. Unfortunately, they are seeing a rise in phishing attempts based on pay rises and this prompted the theme of this campaign”.
Comments
162
101
Tell me you have no awareness without telling me you have no awareness.
157
92
Lawyers should not be managers. Simple.
144
104
Bunch of Shights.
153
103
Wow, they really doubled down with the slap in the face with the spokesperson's comment.
ROF - Why don't you give the spokesperson's name?
150
90
That is very funny.
161
96
Dave Brent thinks of a wonderful phishing lesson for the employees after reading a little more from a self-help management book he picked up at the airport.
Watch the hilarious capers unfold as Brent again fails to read the room and demonstrates why nobody should ever consider joining his hapless company.
118
146
Serves you right for opening a phishing email, to be fair.
Cybercriminals don't "read the room" they send you whatever is most likely to get you to click the infected link.
Which, if you're a desperate underpaid associate wasting their life at a dreadfully managed provincial firm which you should have left a year ago, is an email telling you that you're going to be paid marginally more than your current pitiful wage.
144
115
The day Knights inevitably collapses like Ince and Plexus will be a brilliant day
127
112
I blame the staff for believing that Knights would give them a decent pay rise.
155
109
D*ck move. Even the NCSC says this type of phalse phishing exercise shouldn't be undertaken as it very hard for the recipient to know if the email is fake or not.
What was the idea here? That Knights' staff should have known it as fake as their firm would never give them a proper pay rise?
145
114
Controlling behaviour takes a number of forms.
Get out now.
116
132
"it very hard for the recipient to know if the email is fake or not"
That's the point you muppet.
It's to teach you to spot fake emails, which is hard unless you've learned how.
I hate to break it to you, but cybercriminals don't label their attempts to steal the contents of the client account with banners reading "This is a scam. Only click the link if you want to lose a few million quid, suffer enormous reputational harm, and spend several weeks telling the SRA all about it".
155
112
But why not pick a topic that isn’t obviously going to be a massive sore point?
There must be plenty that people would still click on.
‘Client conflict alert’
’New office entry procedures - important’
‘Latest acquisition announced’
’Job losses imminent’ ok maybe not that one
140
106
Colossal mistake by HR and leaders (they can blame each other when the dust settles).
Yeah, technically scams can use all sorts of scenarios but choosing to use one based on a false pay rise - especially 10% plus - in this climate - with the reputation of this particular firm - is just reckless - and not pausing to think about the impact and disappointment this will have on staff. Expect plenty of complaints and people coming to their senses by leaving.. or maybe that is the point?
So which manager has the balls to fess up to this f* up?
125
114
The only good thing about working at Knights is that I get a strong sense of satisfaction of knowing that I don't work at Skaddens.
They make you come in to the office there you know. And they only give you £200k to make up for it.
Barbaric stuff.
They won't be able to get the staff for much longer. You'll see!
160
109
Surely the staff should have known that their pay would not be increased as Knights has to maintain its dividend to prevent its share price collapsing again.
Poirot would not have been fooled and would have sent an email to management saying something like;
”You are trying to bulls*it Poirot. You are a greedy unprincipled bas*ard who would never award generous pay rises leading me to conclude, this email is a scam”
148
113
Next phishing email:
"The management team have decided to repay staff the 10% taken from their salaries without consent during the first Covid-19 wave. In addition we will no longer be providing Dominos pizza in lieu of bonuses and pay rises as we are a listed law firm and not a branch of Sports Direct. Please click the link to acknowledge receipt."
117
108
@Anonymous 09 June 23 10:29
>Even the NCSC says this type of phalse phishing exercise shouldn't be undertaken as it very hard for the recipient to know if the email is fake or not.
No. This was not hard. The sender was, as the article notes, "[email protected]". In that respect it was easier than the phishing attempts that use internal looking addresses. The scenario was realistic as the volume of anger proves. Phishers always aim to tap into hot topics and salary rises is a low hanging fruit we all know will be opened with (too) great haste.
108
101
We have the fake headhunter mails. But the fishing tests are always Fridays between 6-7pm.
113
102
So cyber crims read ROF to better reach their targets. That's the sort of thinking a firm like Knights could use...
141
105
Of all the choices in the world to use, this is amongst the worst. They did it I imagine to get people to read it, but there are better ways. For example, “click here if you want a free lunch voucher” would have similarly triggered interest without the dire consequences. Totally tone deaf.
139
105
@5PQE I, for one, cannot wait to see that day and it'll be well deserved
118
110
Not only is this just ridiculous, only absolute idiots and dinosaurs think that sending your staff a fake phishing email is a good idea.
144
101
All of those suffering from Stockholm Syndrome will believe that they all consented to the 10% pay deduction at the start of Covid. Even those who made that decision and know it to be a lie, have convinced themselves it’s true. So much so that they unflinchingly make such false claims in Employment Tribunal proceedings.
Soon they will all conclude that the phishing email was the right thing to do and it was for their own good. And so it goes on and on.
152
96
Two dreadful stories about Knights in RoF on the same day! Both stories show a complete lack of self-awareness on the part of those running the business. This is not a firm I would ever instruct, sell to, or want to join.
152
95
Fantastic work from Big Dave. For his next phishing extravaganza, he’ll be sending a firmwide email to offer lucky staff a virtual tour of his mansion and 24ct gold cufflink collection.
154
97
At least they are consistent.
We’ve had stories like this coming out for about 4 or 5 years now.
Just leave as soon as you can. It will not get better.
126
110
Completely unacceptable. Have they no idea how many bills people have to pay, even childcare alone can be £20,000 a year per baby. A pay rise is not something to mess around over.
102
100
Am I booked for next year?
128
94
Next phishing email:
You can all eat French Fries now.
Eating FF on any Knights site is verboten. Weird.
120
125
Pretty sure they sent a phishing email asking for feedback on how it was to work for Knights a few months ago…
So, lawyers should look out for: typos, incorrect email addresses, notes of urgency and messages about decent salary increases and requests for feedback that might actually lead to improvements at Knights, as these things probably suggest a scam.
Fortunately, I realised they would never want to hear feedback so I promptly forwarded on to IT to show them I knew it must be a hoax and claim my golden star/turd.
109
104
Law firms are the absolute pits. So glad I don’t work in one anymore!
121
109
Appalling
125
111
The gift that just keeps on giving.
A bottomless pit of comedy.
What joy will this hapless bunch bring to the masses, next?
103
115
Now remember you’re not allowed to eat in the office!
116
104
@regional firm’s fake phishing email 09 June 23 12:35
Not only is this just ridiculous, only absolute idiots and dinosaurs think that sending your staff a fake phishing email is a good idea.
Would you have preferred a genuine phishing email?
121
110
I am genuinely puzzled by this. The email address seen in that pic is clearly fake. There is this warning in bold that the msg originated outside of Knights. And yet people open the attachment?
I guess this story only highlights how easy it is to phish lawyers!
121
111
This just goes to show the lawyers' attention to detail there is zero, and then moan when caught.
I for one wouldn't instruct them.
Well done to the IT/HR teams, I think it was genius.
106
100
Wombles asks Knights to take it over to sort its culture out.
109
99
@Hobbes 11 June 23 07:19
And the calibre of lawyers which knights produces / retains…
145
95
@Anonymous 09 June 23 11:23
‘No. This was not hard. The sender was, as the article notes, "[email protected]". In that respect it was easier than the phishing attempts that use internal looking addresses. The scenario was realistic as the volume of anger proves. Phishers always aim to tap into hot topics and salary rises is a low hanging fruit we all know will be opened with (too) great haste’.
Hope you’re not the HR person behind this - but if you are - you’re still missing the point. You might technically be right in that scammers will try to mimic realistic situations but by doing this, you are showing the firm has FA knowledge about employee relations.. or kindness. Seriously, WTF.
The fallout might in fact be less serious if this had been a real scam. In that situation, you’d take a financial hit but would still have employees behind you..
112
107
@Hobbes 11 June 23 07:19
HR and benefits are often external services so a non-firm email wouldn’t be surprising for this kind of thing. What’s more, standard spam filters should mean that this kind of email from wide can only come from a legit source - so even more reason for staff to not suspect it.
What a sh’’show!!
144
92
Comms re benefits, pension etc all come from an external email like this. Cruel topic to choose to test staff, why not use “urgent - entry to building procedure”. A lot of the support staff are on minimum wage, lateral hires, lawyers don’t get pay rises for years. I get the economics but this was just cruel. Remember the old adage of wages = 3 times fee income, it’s more like 7 here for existing staff. Some really good lawyers and staff at Knights, who they don’t deserve!!!!
131
113
To @10:40 and the other amateur cyber security experts out there, read "I'm gonna stop you, little phishie..." by the NCSC.
Until then please keep your over-confident but ill-informed views to yourself.
124
89
I can see the briny water already lapping over the top of Knights' deck
136
85
That share price remains scabby. No matter what they do, they can’t get it back over a £.
The market knows it’s a scabby dog.
94
131
Well done law firm for putting security front and centre regardless of sensitivities or timing. Better doing it this way than an annual online course we all just click through at speed.
Phishing is supposed to trick/hook you like this.
123
92
@@@ Anon 15 June 23 14:31
Get some perspective.
This isn’t a sensitivity issue.
This is like choosing a fake payrise or promotion email on 1 April to use as an April fool’s joke. It’s thoughtless. It’s reckless. And it’s unnecessarily antagonistic.
If you, HR or anyone else fails to see that, please make sure you are NEVER in a position to manage someone else. You’re a walking claim waiting to happen.
85
115
@Out of touch 11 June 23 17:58
>Hope you’re not the HR person behind this - but if you are - you’re still missing the point. You might technically be right in that scammers will try to mimic realistic situations but by doing this, you are showing the firm has FA knowledge about employee relations.. or kindness.
I am not in HR but 20 years ago I had a short stint in security. Phishing is only and I am deeply concerned to see highly trained people fall for a rather blatant attempt. Phishing does not follow any gentlemen's agreement, rather they are often Russian operations. In fact, the whole doubling down seen here makes me wonder how many have fallen for genuine scams already.