Solicitors have been warned about a new e-mail ‘phishing’ scam containing a computer virus that is targeted at the profession.
The messages look to be from the Solicitors Regulation Authority (SRA) itself, but have been sent from e-mail addresses that do not end in @sra.org.uk.
They potentially contain a virus that could change firms’ data on MySRA.
The warning comes amid an increasing number of scams using real or bogus names of solicitors, but these are usually aimed at trying to trick people out of money. Yesterday the SRA reported a new scam involving cash converter type stores.
According to the SRA, the phishing message includes the firm’s name, address and SRA ID number, and in the subject field typically says “Important update from the SRA regarding your law practice (NAME), possible investigation”.
The message says the SRA has “received a complaint regarding your law practice and we will soon begin an investigation regarding your activity starting with the 1st December 2013 until the present day”.
Attachments purportedly detail the complaint, but they could contain viruses.
The SRA has asked any solicitors receiving a message of this kind to forward it to firstname.lastname@example.org and then delete it. If anyone has opened an attachment, they should tell their bank and IT provider.
The Lawyers Defence Group has reported that, if the attachment is opened and solicitors then go on to MySRA, “you may find that it changes your data on MySRA – including applying for you or your firm to be removed from the register”.
Meanwhile, the cash converter scam – the first of its type – involves fraudulent cheques purporting to be from a genuine firm of solicitors.
The SRA said: “Six fraudulent cheques were paid into various cash converter type stores on a Saturday, when the genuine firm’s offices were closed. The cheques were accompanied by a falsified letter purportedly from the genuine firm, for example, saying ‘Please find enclosed a cheque in settlement of your claim’. The cheques bore the genuine firm’s name and account number.
“Those responsible for the fraudulent cheques had contacted BT the Friday before, late in the evening and were able to have the telephone lines for the genuine firm diverted to a number being operated by the fraudsters.
“This meant that when the cash converter type stores attempted to contact the genuine firm to verify the authenticity of the cheques the first business day after they were paid in, they were inadvertently diverted to the fraudsters who claimed that the cheques were authentic. The cheques were duly cashed.”
The SRA said the fraudsters attempted to cash two further cheques but they were of such poor quality that they were unsuccessful. None of the cheques were genuine.
The full alert, with advice on what firms should do if it happens to them or they want to check the identity of another practice, is here.