The concern here was not only that the practice could have been emailed or contacted by the cloned, named practice (the solicitor did not exist), but in particular, the potential for the attachments to contain malware.
Malware is the generic term for a wide range of hostile or intrusive software, including computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. Malware has the potential for all sorts of damage and undesired consequences to your IT system once it it opened, depending on its intended purpose. For example, it could extract sensitive information (immediately or on a prolonged basis without your knowledge), gain access to private computer systems and display unwanted advertising.
In similar scam this week in which there are malware concerns, an email falsely claimed to be from ‘Ernst & Young LLP’ relating to a conveyancing matter, although it was from Pdf Online. It stated that someone at Ernst & Young LLP had sent a document called ‘Confidential Conveyancing Inquiries” to them via Adobe Pdf Online.
A further scam alert yesterday from ‘A James and Co Solicitors’ asked the recipient to settle an unspecified debt within three days or face the possibility of legal proceedings.
Another alert this week falsely claimed to be from ‘HCLS LLP’ and that the sender was holding the proceeds of sale of a property, to be used towards the purchase of a new property.
The fact that all of these alerts were reported by the SRA within the past 5 working days should give you an idea of the scale of this issue.
What you can do
Monitor Scam Alerts: someone should be allocated responsibility for monitoring the SRA website on a daily basis, whether the COLP or delegated to someone or nominated individuals in different teams/departments.
Scam Alert Search: the SRA has this search facility which enables you to check for scams, either by doing a keyword search or by searching within a date range.
Bank details: ensure staff are alert to the possibility of frauds involving criminals hacking into the chain of email between parties in a sale and purchase and, in particular, any last minute changes to bank account details.
Solicitor check: you can check whether the practice or individual exists by checking the Law Society’s ‘Find a Solicitor’ or with the SRA. However, you may then need to check the authenticity of the individual or practice correspondence by contacting the law firm directly.
Cross-check: the names of any individuals and practices in the alert should be cross checked with your IT system(s) for any matches with names, emails addressed, telephone numbers.
Don’t: click on any attachments or links to the practice from the correspondence.
Train: staff should be training about be constantly alert and to take the steps outlined here.