Email spoofing attempt blocked from targeting local law firm


In April this year, one of our clients was the target of a large-scale email spoofing and impersonation attempt. This attack aimed to impersonate a law firm and email their contacts with malicious intent.

The attacker attempted to send nearly 1,700 emails from the law firm’s domain, using mail servers from all around the world.

How was the attack caught and prevented?

Catching and containing the attack early meant it was stopped in its tracks.

First, we identified the attempt through automated monitoring configured for our clients with the Sentrian DMARC managed service. Email authentication compliance dropped below 95%, flagging it as a potential security incident.

Here, you can see the unusual spikes in emails that were attempting to deliver from the law firm’s domain:

A spike in the emails attempting to send from the domain on the date of the attack

Next, ongoing checks helped confirm the issue. For clients using DMARC, we continuously monitor critical email and domain settings, including MX and SPF records, DKIM validation, and domain blacklists. These controls gave us a clear indication of what had changed and where the risk was coming from.

The attempted attack tried to use mail servers from around the world to email nearly 1,700 of the law firm’s contacts

For this client, we already had several protections in place that prevented the attack. These protections included enforcing a DMARC reject policy and maintaining clean, well-documented SPF and DKIM records of known applications that use the law firm’s domain to send emails.
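The compliance check described above can be reproduced from a DMARC aggregate report. The following is an added example, not Sentrian's tooling: it parses a constructed report in the RFC 7489 layout, applies the 95% threshold mentioned in the article, and counts failing mail that the receiver did not reject. The domain, IP addresses, counts and the `summarise` function name are assumptions made for illustration, and the report is assumed to carry no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout. example.com and
# the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are documentation values.
def _row(ip, count, disposition, dkim, spf):
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf></policy_evaluated></row></record>")

SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>reject</p>"
    "</policy_published>"
    + _row("192.0.2.10", 900, "none", "pass", "pass")      # known sender
    + _row("192.0.2.11", 40, "none", "fail", "pass")       # SPF-aligned only
    + _row("198.51.100.7", 35, "reject", "fail", "fail")   # unauthorised source
    + _row("203.0.113.99", 25, "reject", "fail", "fail")   # unauthorised source
    + "</feedback>"
)

THRESHOLD = 0.95  # compliance level below which the article's monitoring alerts

def summarise(report_xml, threshold=THRESHOLD):
    """Return compliance rate, alert flag and failing sources for one report."""
    root = ET.fromstring(report_xml)
    total = passed = not_rejected = 0
    failing = Counter()
    for row in root.iter("row"):
        count = int(row.findtext("count", default="0"))
        dkim = row.findtext("policy_evaluated/dkim", default="fail")
        spf = row.findtext("policy_evaluated/spf", default="fail")
        disposition = row.findtext("policy_evaluated/disposition", default="none")
        total += count
        # DMARC passes when either aligned DKIM or aligned SPF passes.
        if "pass" in (dkim, spf):
            passed += count
            continue
        failing[row.findtext("source_ip", default="unknown")] += count
        if disposition != "reject":
            not_rejected += count  # failing mail the receiver did not reject
    rate = passed / total if total else 1.0
    return {"policy": root.findtext("policy_published/p", default="none"),
            "total": total, "rate": rate, "alert": rate < threshold,
            "failing_sources": failing.most_common(),
            "not_rejected_failures": not_rejected}

if __name__ == "__main__":
    print(summarise(SAMPLE_REPORT))
```

A non-zero `not_rejected_failures` value under a published `reject` policy is the case worth investigating first, since it means some failing mail was quarantined or delivered rather than refused.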

What would’ve happened if the attack succeeded?

Without Sentrian’s cybersecurity support, the attack likely would’ve been successful and delivered those emails to their intended targets.

Consequences of a successful attack could include:

• A significant impact on the firm’s domain reputation

• Blacklisting of their domain across services

• Unpublishing of the firm’s website

• Legitimate emails from the firm’s domain not being delivered.

How common are email spoof and impersonation attacks?

Email spoofing and impersonation attacks are relatively common, though usually on a much smaller scale than this incident. Attackers typically start by sending a small number of emails to test whether they can successfully impersonate a domain.

Attacks at this scale are less common, but they can have serious consequences if a domain isn’t properly protected.

Our response and next steps to protect the client

Our security team reviewed the incoming alert and confirmed that the attack was unsuccessful.

We then informed the client of the incident and that the domain protection policies already in place were working as intended. The client’s staff were advised to report any email delivery issues to us for further investigation.

We continued to keep a close eye on the client following the attempt. We temporarily increased the reporting frequency of domain aggregate reports and monitored their mail traffic over the coming days to confirm that the attack had not continued and was an isolated incident.

The client was happy with the proactive communication and clear explanation of the incident, along with our successful containment of the attempt and ongoing monitoring.

Who is at risk of cyberattacks?

Unfortunately, all businesses are potential targets for domain impersonation attacks like this one.

Legal firms and financial institutions are generally more popular targets for attackers.

Our advice

Of course, it’s always best to be prepared. As cyberattacks become more frequent and more advanced, we recommend having always-on cybersecurity monitoring and protection in place.

“Domain reputation & DMARC policies are a critical requirement for any business. Without proper implementation and with increasingly advanced mail filtering technologies, you can quickly lose the ability to send emails to your customers, have messages diverted to junk or spam folders, and expose your domain to impersonation.”

-Alex R., Senior Systems and Security Engineer at Sentrian

Secure your business against cyberattacks today

Sentrian is a Brisbane-based IT and technology services provider (TSP) supporting businesses, firms, and organisations across Australia.

We specialise in providing IT, AI, automation, and tech services to small- to medium-sized teams in high-risk sectors like government, legal, medical, accounting, property, infrastructure, and construction – where data governance, security, and confidentiality are critical.

We look after your cybersecurity behind the scenes so you can focus on your work confidently and without disruption.

