Editor, Solicitors Journal

500 law firms targeted by scammers

9 Mar 2017News

SRA warns about sudden rise in malware attacks

Nearly 500 law firms have been targeted by scammers, the Solicitors Regulation Authority has reported as it warned malware attacks against solicitors were on the rise.

In an update to the profession, the regulator said firms have been sent emails by fraudsters trying to infiltrate IT systems.

Emails would typically start saying the senders required the firms’ services. After the firms responded, the scammers sent attachments or links to websites which might contain malware – harmful software including viruses and other programs allowing access to data.

Once clicked on or downloaded, the attachments allow the scammers to control or undermine a firm’s IT systems. Some of the emails relate to the sale of a property or the purchase of a business, the SRA said.

The regulator said it has seen emails being sent from a ‘Margaret’ and a ‘Mary Smollins’, from the email address ‘margaretgreen220@gmail.com’.

‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business,’ the SRA said.

The SRA’s Risk Outlook and associated papers have identified IT vulnerability as a major risk for law firms and have urged solicitors to regard cybercrime as a priority risk.

The latest version of the outlook warned that information security breaches could harm clients’ interests, result in financial loss, and cause reputational damage.

Law firms were ideal targets because many hold significant amounts of information and client money.

Common scams include ‘Friday afternoon fraud’ or being tricked into dealing with a bogus law firm.

According to the Law Society’s 2016 professional indemnity insurance survey, a quarter of firms have reported being targeted by cyber criminals, with nearly one in ten of these attacks resulting in money being stolen.

In addition to malware, a common form of cybercrime is phishing, which involves using email or phone to obtain confidential information such as a password through building a personal relationship with a solicitor or law firm employee.

Another is email modification, often used in Friday afternoon fraud, where scammers use details gained from hacking or social engineering to modify emails and redirect money due from a client, bank, or supplier.

A variation on the latter is CEO fraud, where a criminal impersonates a senior figure at a law firm through hacking their email address or purchasing a very similar email address, in order to impose authority and order money transfers.

Jean-Yves Gilg is editor in chief at Solicitors Journal

jean-yves.gilg@solicitorsjournal.co.uk | @jeanyvesgilg

Legal News desk contact: editorial@solicitorsjournal.com

Latest Articles

Small firms eager to embrace technology

A recent report reveals small legal firms are enthusiastic about technology adoption, but substantial barriers remain

AI, data and breaches: security in the age of machine learning

As AI transforms business operations, it also magnifies data breach risks—demanding smarter, AI-specific security strategies from both customers and suppliers

Sorry seems to be the hardest word… changes afoot for the law of apologies

Oliver Lock from Farrer & Co takes a closer look at the changes being proposed to legislation to facilitate apologies without admitting liability

Merricks v Mastercard: the first contested settlement of a funded class action

Emma Carr and Louise Macdonald from Gowling WLG provide an overview of the ruling and its significance

Optis v Apple: Court of Appeal redefines FRAND principles for global SEP licensing

Court of Appeal overturns High Court ruling, restoring comparables-based FRAND valuation and reshaping SEP dispute standards.

Law Society voices concerns over Data Act

The Law Society supports the Data Act's goal to modernise data use while raising concerns about privacy protections

New law tightens citizenship appeal rules

A new law aims to keep potential security threats from regaining British citizenship during appeal processes

Overcrowded prisons lead to increased violence

New research highlights a concerning link between overcrowded prisons and rising violence rates among inmates

New law promotes equality in sentencing

A new law ensures that pre-sentence reports will fairly treat individuals irrespective of race or religion

High Court Clarifies Cost Liability in Illiquidx v Altana Trade Secrets Case

Costs ruling highlights precision’s impact in complex commercial confidentiality disputes.

Privy Council Clarifies Easement Registration in Cayman Shores Development Ruling

Privy Council overturns misclassified recreational rights as easements in landmark Cayman Islands property case.

Rasmala v Trafigura: Key Restitution and Unjust Enrichment Ruling

The High Court has dismissed a $21 million restitution claim in Rasmala Trade Finance Fund v Trafigura PTE Ltd (2025), with significant implications for recovery in commercial fraud cases involving innocent third parties.

Protecting the public interest in the practice of law

The SRA relies on self-reporting to function, yet confusion and inertia risk enabling professional misconduct.

The report on improving family court services for children is an unsurprisingly depressing read for family law practitioners

Rachel Frost-Smith, Legal Director of the Family Team at Birketts, shares her experience of the impact of the delays in family court proceedings