SRA Report Four Email Scam Alerts In One Day

The Solicitors Regulation Authority (SRA) has issued four separate alerts on the same day about scam emails impersonating law firms.

All four scams were reported on 6th June. In each case, emails falsely claimed to be from a law firm or an individual working for the business.

Three out of four fraudulent attempts targeted professional employees at the firms, namely Glaisyers LLP, Kingsley Napley LLP, and CMS Cameron McKenna Nabarro Olswang LLP, while two of them tried to con unsuspecting members of the public into parting with their money, either by requesting payment of deposit funds or by offering to release a large inheritance once initial payments of taxes or fees had been made.

An email misusing the details of CMS Cameron McKenna Nabarro Olswang LLP was sent from ‘John Armstrong, Partner’ using the email address ‘[email protected]’ to a member of the public regarding an abandoned investment.

Furthermore, fraudulent emails were sent claiming to be from “J. Harold & Co. Solicitors” in relation to a property transaction. The false email appears to have been sent from ‘[email protected]’, refers to ‘Share-File Email Services’ and provides a link to a supposed “Sales Memorandum and Amended Contract”. The SRA confirmed that the firm is not regulated by them but was concerned that the link contained in the email may lead to malware, which is software intentionally designed to cause damage to a business’s computer network.

Prior to the run of alerts in June, at the end of last month, DLA Piper also suffered a misuse of identity whereby emails had been falsely sent claiming to be from them as part of a scam to trick an entity into making a payment to a fraudulent bank account.

The SRA had been advised that a false domain name had been created to impersonate the identity of the authorised and regulated firm, DLA Piper UK LLP. The false emails were sent from ‘[email protected]’ and ‘[email protected]’, who were also authorised by the SRA.

The SRA issued 217 scam alerts for the year 2017/18 and 237 the year before this. In 2018, authorised push payment (APP) fraud, a scam in which the fraudster cons their victim into sending money directly from their account into the criminal’s account, increased by 93%.

In 2017, 43,875 attempts were made to swindle individual members of the public or firms into sending their money to seemingly genuine accounts. Last year, this figure increased to 84,624 as criminals become increasingly sophisticated at social engineering and impersonation methods.

Shockingly, last year authorised push payment fraud had a high success rate with £354.3 million stolen, which represents a huge increase from the £236 million figure revealed in 2017.

Even though ‘malicious redirection’ fraud, including conveyancing fraud, was only the third most common type of APP last year, it still had the biggest total loss with £123.7 million being pilfered in the UK in 2018 – with only £34 million sadly being returned to its owners.

Email/impersonation fraud is a law firm’s biggest risk and has been a lucrative business for cyber criminals in recent years – with £92.7 million being stolen through impersonation fraud and nearly 11,000 individuals and businesses being impacted by this means in 2018. These figures show the importance of making sure the people you are communicating with are genuine.

With clients’ money, data and reputation at risk, it has never been more important to protect your business’s domain by using DMARC software to safeguard your firm.

The SRA and CLC continue to work tirelessly to reduce the risk of fraud which is engulfing the legal industry. As cyber fraud increases, the SRA has introduced its interactive digital badge, a legal obligation from April this year, which claims to ensure consumers are using the correct firm, decreasing fraud through bogus websites in the process.

Have you seen an increase in email/impersonation fraud? What measures do you have in place to mitigate risk?