Fraud alert - cyber fraud & scam emails (March 2014)
Cyber fraud against client account
A Scottish law firm has recently been the victim of a cyber fraud against their client account resulting in a significant loss.
While the exact details of the methodology used by the fraudsters is not clear yet, you are advised to use this email as a prompt to ensure that your businesses IT security systems are robust and up to date.
Scam emails from "SRA"
Scottish solicitors are now receiving scam emails which purport to come from the Solicitors Regulation Authority (SRA) and may refer to an investigation of the practice unit. It is understood that these emails contain a virus which could damage and compromise your systems.
You should not open this email. Instead please forward it to law enforcement via the Action Fraud website and the "Report Attempted Scams or Viruses" tab on that screen. If you have opened the email please report this to your IT provider.
The Society would also be interested to know how many of these emails have been received and if it has been opened and would be obliged if you could report receipt of such emails to us using the firstname.lastname@example.org email address.
More detail on the format of the emails is available on the SRA website.
The Scottish Business Resilience Centre (SBRC) offer an on-site Cyber Security Assessment which enables businesses to evaluate the level of protection within their systems infrastructure and provides guidance to resolve issues.
More information on this service is available on the Society's website or by calling the SBRC on 01786 447 441.
The HM Government publication – "Small Business: What you need to know about cyber security" – also provides useful advice on reviewing your IT security and implementing improvements.
If you have any questions, please do not hesitate to contact us.
Director of Financial Compliance
The Law Society of Scotland