Editor, Solicitors Journal

500 law firms targeted by scammers

9 Mar 2017News

SRA warns about sudden rise in malware attacks

Nearly 500 law firms have been targeted by scammers, the Solicitors Regulation Authority has reported as it warned malware attacks against solicitors were on the rise.

In an update to the profession, the regulator said firms have been sent emails by fraudsters trying to infiltrate IT systems.

Emails would typically start saying the senders required the firms’ services. After the firms responded, the scammers sent attachments or links to websites which might contain malware – harmful software including viruses and other programs allowing access to data.

Once clicked on or downloaded, the attachments allow the scammers to control or undermine a firm’s IT systems. Some of the emails relate to the sale of a property or the purchase of a business, the SRA said.

The regulator said it has seen emails being sent from a ‘Margaret’ and a ‘Mary Smollins’, from the email address ‘margaretgreen220@gmail.com’.

‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business,’ the SRA said.

The SRA’s Risk Outlook and associated papers have identified IT vulnerability as a major risk for law firms and have urged solicitors to regard cybercrime as a priority risk.

The latest version of the outlook warned that information security breaches could harm clients’ interests, result in financial loss, and cause reputational damage.

Law firms were ideal targets because many hold significant amounts of information and client money.

Common scams include ‘Friday afternoon fraud’ or being tricked into dealing with a bogus law firm.

According to the Law Society’s 2016 professional indemnity insurance survey, a quarter of firms have reported being targeted by cyber criminals, with nearly one in ten of these attacks resulting in money being stolen.

In addition to malware, a common form of cybercrime is phishing, which involves using email or phone to obtain confidential information such as a password through building a personal relationship with a solicitor or law firm employee.

Another is email modification, often used in Friday afternoon fraud, where scammers use details gained from hacking or social engineering to modify emails and redirect money due from a client, bank, or supplier.

A variation on the latter is CEO fraud, where a criminal impersonates a senior figure at a law firm through hacking their email address or purchasing a very similar email address, in order to impose authority and order money transfers.

Jean-Yves Gilg is editor in chief at Solicitors Journal

jean-yves.gilg@solicitorsjournal.co.uk | @jeanyvesgilg

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Supreme Court ruling on fraudulent trading liability

UK Supreme Court clarifies liability of third parties in MTIC fraud and limitation rules for dissolved companies.

Forty years on, surrogacy law is still playing catch-up

Despite international growth in surrogacy, UK law remains reactive, outdated and ill-equipped for today’s challenges

Law firm reports significant caseload rise

A surge in immigration-related legal advice reflects new UK policies tightening regulations affecting businesses and individuals

Tudor v Tecuci District Court: Article 8 extradition appeal analysis

High Court upholds Romanian extradition despite private life arguments

Costs Lawyers seek recognition and support

The Association of Costs Lawyers aims to elevate its members' status and engage the younger workforce

Gig economy drivers challenge their status

Former eCourier drivers have launched a legal claim to secure workers' rights against misclassification

When is an environmental case not an Aarhus claim?

Court of Appeal narrows Aarhus costs protection, requiring direct breach of environmental law, not incidental impacts.

Commonhold’s fragile foundations: risk and reality

Commonhold promises fairness and simplicity, but unresolved enforcement and financial risks threaten its stability and long-term value

How the amended English Arbitration Act puts London at the centre of global arbitration reform

The Arbitration Act 2025 introduces reforms enhancing efficiency, certainty, and London’s global leadership in international arbitration

Support needed for UK retailers now

Clarke Willmott LLP calls for intervention in the autumn statement to avert worsening conditions in retail

Court of Appeal clarifies GDPR compensation thresholds in Farley v Equiniti

Court of Appeal establishes new precedent on data breach compensation claims.

Crest Nicholson v Secretary of State: Water neutrality upheld in planning decision

High Court affirms water neutrality condition for housing development near ecologically sensitive sites.

O Argence-Lafon v Ark Syndicate Management: EAT whistleblowing judgement analysis

Employment Appeal Tribunal clarifies protected disclosure requirements in insurance sector whistleblowing case

Sky UK Limited v Ofcom: Electronic communications services classification under regulatory scrutiny

Court of Appeal clarifies electronic communications service definitions in telecommunications regulation framework.

SRA addresses issues in law firms' high-volume claims

The SRA's review reveals significant failures by law firms in their duty to clients in high-volume claims

SJ Interview: James Palmer CBE

James Palmer CBE, Partner of Herbert Smith Freehills Kramer, has long been recognised as one of the UK’s most influential corporate lawyers and policy voices. Awarded a CBE in 2025 for his services to business and law, he has combined a high-profile career in M&A with decades of work on legal reform. In this interview, he discusses the challenges of legislative inflation and corporate advice, access to justice, and the future role of technology.

The SQE is failing its own test

Five years on, the SQE is underperforming, and targeted reforms could close persistent gaps.