Scam Email Targets Law Firms To Gain Confidential Information

Law firms have reported receiving an email inviting them to pitch to represent a property development company in conveyancing transactions. In fact, the email is a scam, probably generated to gain information on individual law firms.

The email purports to come from Argee Building Services, a genuine Glasgow company, who were flooded with calls as legal firms responded to the fake email.

The scam email includes Argee’s logo and is signed with the name Lorna Fullerton. It states ‘We are property development and management company’, and explains that they want to engage a new conveyancing firm. Details of a transaction are included, and a request is made to ‘get back to me with your quotes, legal fees and contracts to enable you to act on our behalf within a proper time frame.’

Peter Wright, Chair of the Law Society’s GDPR working group, said: 

“It is important that firms do not reply to the email or refer it to another law firm mistaking it for a genuine enquiry.”

There are a number of clues to the fake nature of the email. ‘A new client would rarely provide as much detail as is set out in this message in a first email making initial contact. The lack of any contact information in the footer is also a giveaway. The domain does not lead to a legitimate website either, particularly given the client is supposed to be engaged in such large scale commercial property transactions.’

Emails of this type are used to connect with a firm in the hope of acquiring information that can be used against it. Wright, a solicitor and managing director of expert cyber law firm Digital Law UK, explained that data obtained by fraudulent means could be used:

“to undertake surveillance of a firm, to discover its terms, its systems, its staff, its working practices and in turn its weak spots so that it could be targeted by a specific cyber intrusion.”

Firms have warned their staff not to reply to this email and are ensuring that all employees know how to look for the telltale signs of a scam email.

Email modification fraud, in which cyber criminals intercept and falsify emails between a client and the firm, is now the most common type of cybercrime against law firms.

The Solicitors Regulation Authority highlighted at a recent LegalEx Conference that the vast majority of cyber attacks reported to it involve email compromise, and that everybody is now 20 times more likely to be a victim of cyber crime than a victim of in-person crime.

Law firms are a massive target for email fraud because of the nature of their work, in which large amounts of money are transferred to many accounts. This gives fraudsters a huge opportunity to impersonate a firm’s email domain to any recipient, such as clients, suppliers or employees.

Guidance from the National Cyber Security Centre to law firms suggests that there is no single solution to email security and that firms must adopt a multi-layer approach to protecting themselves from cyber attacks, meaning if one layer of defence is breached there are still more layers of security to offer protection from an attack.

Are you confident that your firm and your staff could identify a scam email? What measures do you have to mitigate risk?