In the past three months, the Solicitors Regulation Authority (SRA) have issued 12 scam alerts concerning probate, inheritance or customer entitlement to money.
Just yesterday, Tuesday 11th June 2019, the SRA disclosed that a member of the public had been exposed to a convincing phishing email claiming that they were due a windfall.
Phishing attacks are the fraudulent practice of sending emails claiming to be from a reputable business or member of the public to convince the recipient to part with their sensitive data or money.
The SRA were alerted to a scam email purporting to be from an SRA regulated solicitor, Lloyd Chance who was working on behalf of the law firm, Lloyd Chance Law Office.
The law firm claimed that the recipient had been left a substantial inheritance by a Kenneth Fall and Donald D Kern.
The email also used the legitimate looking domains ‘solicitorlloydford@gmail.com’ and ‘Lloyd.chance@lloydchancelawoffice.com’ to convince the recipients into claiming their potential windfall.
The cyber criminals also used a legitimate, SRA serviced law address in Hanover Square, London. As the public become a lot more savvy and cynical in regards to the emails they receive, the fact that criminals are using registered premises, domains, SRA numbers, SRA regulated solicitor names and SRA regulated law firms when creating their scams adds legitimacy and authenticity to the fraud, increasing the chances of the public falling foul of these scams.
Whilst both the law firm and solicitor were fictitious and not regulated by the SRA, the attack used sophisticated and convincing documentation to help trick the consumer into parting with their personal data and money.
Following the initial email, the fraudsters sent forged practising certificates and a Deed of Trust to increase the authenticity of the attack. Preying on the public’s relative legal naivety, sophisticated phishing attacks will often use a convincing legal lexicon or documentation to confuse the public and even convince fellow law firms into clicking on links that could contain malware or other forms of digital virus. Even simple documentation can become convincing if it uses a formal and legal sounding language.
Cyber criminals have specifically targeted legal services in recent years and are only increasing their efforts in 2019. The SRA issued 217 scam alerts for the year 2017/18 and 237 the year before this.
However, the frequency of attacks this year in increasing. Just last week, the SRA issued four separate email scam alerts impersonating law firms on the same day. All four scams were reported on 6th June 2019 where emails had been falsely claiming to be from a law firm or an individual working for the business.
Three out of four fraudulent attempts targeted professional employees at the firms, namely Glaisyers LLP, Kingsley Napleyy LLP, and CMS Cameron McKenna Nabarro Olswang LLP. While two of them tried to con unsuspecting members of the public to part with their money by requesting payment of deposit funds – and releasing a large inheritance by making initial payments of taxes or fees.
The SRA website advises that any law firm of individual subjected to fraudulent phishing should ensure they carry out appropriate due diligence before sharing data or money:
“If you receive correspondence claiming to be from the above firm(s) or individual(s), or information of a similar nature to that described, you should conduct your own due diligence by checking the authenticity of the correspondence by contacting the law firm directly by reliable and established means. You can contact the SRA to find out if individuals or firms are regulated and authorised by the SRA and verify an individual’s or firm’s practising details. Other verification methods, such as checking public records (e.g. telephone directories and company records) may be required in other circumstances.”
Is your business or law firm prepared to withstand increasingly sophisticated phishing attempts? Are your staff trained to spot the red flags of cyber criminality?
