EditorSolicitors Journal
EditorSolicitors Journal

Cyber 'vultures' capitalising on homeworking lawyers

Cyber 'vultures' capitalising on homeworking lawyers

Firms have been warned by the regulator to be extra vigilant, with a specialist solicitor warning that criminal hackers have become increasingly sophisticated 

Firms have been told by the regulator to be extra vigilant around cyber security, with a specialist solicitor warning that criminal hackers have become increasingly sophisticated and targeted.

The Solicitors Regulation Authority (SRA) issued the warning to law firms and staff amid an increase in reports of cyber-attacks against businesses whose staff are remote working.

It said it has received reports of firms being targeted, including a case where criminals attempted to create a standing order for £4,000 a month from a firm’s client account.

Peter Wright of Digital Law commented that while lawyers have the tools to be as productive while working from home as they were before lockdown, they are not as safe from being exploited by cyber-attacks.

He warned that hackers have capitalised on the fact that most of the workforce is working at home using home wifi; and personal devices that are “not designed for the sort of mass intensive use they have had to handle during the lockdown”. 

“The legal profession’s email addiction continues to leave us more vulnerable than most sectors of the economy to exploitation by the phishing email”, he added. 

“These attempts to encourage recipients to click on malicious links or provide confidential information have become increasingly sophisticated and targeted during the lockdown.”

Wright described the volumes of scam email traffic out there as “staggering”. 

Google disclosed this month that every day it was blocking more than 18m coronavirus-themed scam emails.

The National Cyber Security Centre (NCSC) reported a 400 per cent increase in cyber-attacks across all businesses in the UK during the first two weeks of lockdown; and Action Fraud reported a spike in attacks on smaller businesses.

SRA chief executive Paul Philip said: “Cybercrime is a priority risk for the legal sector and it’s not going away during the Covid-19 pandemic.

“Criminals are always looking to take advantage and they know that security arrangements are likely to have changed as people move to homeworking.” 

Wright also highlighted the risks associated with business platforms such as LinkedIn and warned lawyers not to accept a connection request from someone they don’t know. 

“One scam”, he explained, “involves users receiving connection requests from hackers posing as recruitment consultants. 

“Once connected, they contact the user and flatter them, saying they have been headhunted for a prestigious role. 

“The hacker then sends a spreadsheet as an attachment on LinkedIn, asking the recipient to confirm certain pieces of information.” 

He said this spreadsheet contains macros that need to be enabled and, once downloaded and enabled, it could then give the hacker access to the machine. 

They could then hack into the network and business systems; or install ransomware, lock the machine and demand a ransom payment in Bitcoin in return for unlocking it 

Meanwhile, the Law Society this week launched a new cyber security campaign following the increase in fraud and scams. 

The campaign includes revised guidance on preventing frauds and scams, online training, advice on how to safely deliver legal services online and how to utilise effective legal technology during the crisis.

Law Society president Simon Davis said cyber criminals and fraudsters are “circling like vultures”.

He said: “It is important we are equipped to protect against these threats.

“Protecting clients’ data will rightly be a priority for many firms. 

“We have a dedicated in-house team who will be on-hand to provide bespoke support to members, field queries, and facilitate thought leadership.”

He said the Society will continue raising awareness of the dangers of online fraud during the pandemic crisis and how to prevent it.

The SRA’s information for firms on cyber risks during lockdown was updated on 9 April 2020.

Details of the Society’s new campaign can be found here. 

Latest News

The Chancery Lane Project expands to the USA

Thu Sep 21 2023

Delay in Final Report of the Infected Blood Inquiry

Thu Sep 21 2023

Attorney General presents UK intervention in Ukraine case against Russia at International Court of Justice

Thu Sep 21 2023

Firms losing potential clients by failing to return their calls, research shows

Thu Sep 21 2023

Powers of attorney modernised as legislation allows CILEX Lawyers to certify LPA copies for the first time

Thu Sep 21 2023

Stark contrast between Government response to Post Office Horizon victims and Infected Blood

Wed Sep 20 2023

ACSO comments on the Justice select Committee report:

Wed Sep 20 2023

Campaigners win permission to appeal against Sizewell C Nuclear Power Station ruling

Tue Sep 19 2023

Pre-inquest review into the deaths of Reading murder victims, James Furlong, Dr David Wails and Joseph Ritchie-Bennett

Mon Sep 18 2023
FeaturedAudit reform: if not now, when?
Audit reform: if not now, when?
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
Browne Jacobson collaborates with LGiU on report highlighting “critical” role of local government to hit net zero
The battle for talent – promoting diversity
The battle for talent – promoting diversity
BSB publishes new guidance on barristers’ conduct in non-professional life and on social mediaSJ interview: Adrian Chopin
SJ interview: Adrian Chopin
Whose human rights are more important, yours or mine?
Whose human rights are more important, yours or mine?