This week the Solicitor’s Regulation Authority were a victim of the ever increasing cyber threat as hackers fraudulently impersonated the regulator in a series of emails which we sent to firms. The scam was an attempt to trick the recipients into believing that they had received a complaint and that an investigation was due to begin.
The attack came days before a new guidance for law firms was released to inform them how to deal with the threat of cybercrime. For the eagle-eyed, recipients of the fraudulent email may have noticed that it came from an address ending in ‘sra.org’, as opposed to ‘sra.org.uk’, which is the official suffix for the SRA. However, the email had been set up to look convincing, and should any victims have fallen for the scam, they could be at risk of infecting their systems with a virus.
The SRA have issued a warning to those targeted asking them to forward any emails of this type to the SRA before deleting it, and if they have opened an attachment to inform their bank and IT provider.
As a victim of cybercrime themselves, this attack has prompted the SRA to instruct law firms to take a look at their own cyber security.
Andrew Garbutt, SRA director of risk, said: ‘This scam shows that the risks we are identifying are very real with genuine consequences, and that all firms should make themselves aware of the issues, assess how they could affect them and take steps to mitigate against them.’
The SRA said it did not want to alarm firms, but stressed the impacts of cybercrime can present a ‘significant risk’ to clients and their assets and have a negative impact on the structure of the firm.’
Mitigate Cyber Security have worked to support the legal sector in their strategies to combat cybercrime, offering services such as penetration testing, training and consultancy and compliance around ISO27001 and Lexcel.
Please contact us today if you are looking for assistance in your plans to combat the threat of cybercrime.