Cyber criminals caused “substantial losses” to 50 law firms this year, SRA says

Print This Post

16 October 2015

The Cube

SRA: email redirection scams a “real problem”

Cyber criminals have caused “substantial losses” to 50 law firms this year, ranging from £50,000 to £2m, the Solicitors Regulation Authority (SRA) has said.

Steve Wilmott, director of intelligence and investigations at the SRA, said a further 20 firms had fallen victim to e-mail redirection scams since Christmas, involving “very substantial” amounts of money.

Mr Wilmott said cyber criminals were becoming “very, very clever” and described how one firm, which lost over £2m, spent three hours on the phone with one of them.

Speaking at the SRA’s COLP and COFA conference in Birmingham this week, he said: “You may remember that in January this year many thousands of firms received e-mails purporting to be from the SRA, saying they were under investigation with a letter signed by me.

“Who would click and open it up? I would. They did and it was full of malware. They did that for four consecutive Mondays and then on the final Monday the criminals involved sent another e-mail, apparently from the Law Society.

“It said: ‘Hi, we represent you. We know you’ve been sent all these dodgy emails by the SRA. Click on this for advice.’ And that was full of malware.” This gave them access to the solicitors’ systems.

Mr Wilmott said the use of ‘ransomware’ – offering to unlock a virus in return for a sum of money – tended not to be reported by law firms.

He said ‘phishing’ e-mails sent to solicitors were usually quite sophisticated. “They will know a lot about you, because they will research you. They will look on social media sites, find out as much as they can about you and use that information.”

He went on: “A few months ago one of these criminals found out through social media that someone in finance liked dogs. Immediately the person felt comfortable and they talked about dogs. Next thing they were engaged in a fraud and they didn’t know it. So be very careful of what you put on social media.”

Mr Wilmott described e-mail redirections as a “real problem” and said the SRA had dealt with 20 such scams since Christmas involving “very substantial” amounts of money.

“You’re just about to send the proceeds from the sale of a house to another solicitor. Right at the last minute you get an e-mail from your corresponding solicitors saying that they’ve just changed their bank account. The solicitor sends the money to the account and it goes straight to the criminal.”

He said the worst e=mail redirection scams involved clients, where they are about to send a solicitor the deposit for a house.

“The client receives an e-mail from ABC solicitors saying ‘we’ve just a new bank account’. You send your deposit, your life savings, to the new account. It doesn’t go anywhere near the solicitor.”

On anti-money laundering (AML), Mr Wilmott said the SRA was investigating a “small number of substantial cases”. He said only two of three law firms were involved but the amounts of money involved were “quite serious”.

He said law firms were very reluctant to issue ‘suspicious activity reports’ (SARs), and accounted for only 1% of SARs issued last year – a total of 3,600, or one for every three firms.

Mr Wilmott warned that the Home Office would be launching another anti-money laundering campaign next month, targeting lawyers and accountants.

He added that the SRA had made AML visits to 270 firms this year and return visits to a further 20. Although 30% of money laundering officers were found to have had no training, it was a case of checking firms’ policies and procedures were up-to-date rather than taking regulatory action.

The increasing dangers of cyber crime were highlighted by the SRA in its Risk Outlook for 2015/16, published this summer.

Tags: , ,

One Response to “Cyber criminals caused “substantial losses” to 50 law firms this year, SRA says”

  1. A great article Nick, Pentesec are currently reaching out to legal firms around the UK to help them preempt these cyber threats. I will forward them your article as it underlines the risks all companies are facing in 2015, risks that are beatable. If you would like any information for additional security articles please get in touch as I’d be happy to help you.

  2. Richard Bass on October 26th, 2015 at 11:10 am

Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

The skills shortage in law firms is the biggest threat to handling cybercrime

CLC Roundtable discussion at Malmaison Hotel, Charterhouse Square

The skills shortage in our businesses is the biggest threat to our industry when looking at cybercrime. Cybercriminals are not just after money but are looking for sensitive information too, so the legal services sector is an obvious target. In the last year we have had reports of around £7m of client money being lost to such crime. This is not an IT issue and it should not be left to the IT teams to sort out. It is a high-level responsibility and a board-level issue that must be taken seriously. We suspect that we will look back on 2016 and ask why we didn’t respond quicker.

March 21st, 2017