The legal regulator for solicitors in England and Wales, the Solicitors Regulation Authority (SRA), has issued a warning on its website that cybercriminals are using its image to target law firms.
The SRA has received reports that emails disguised as their own have been sent to various law practices, purporting to be about pending investigations. This is the second time the SRA has warned solicitors not to open any attachments in such emails, but it admits that there is almost nothing it can do to stop them from reaching solicitors’ inboxes.
The issue has been reported again to the authorities for investigation and the matter will also be investigated internally, said a spokesman for the regulator. The data the fraudsters are using is freely available in the public domain and the regulator cannot do anything to prevent the emails from being sent, he said.
The first time the SRA warned about the fraudulent emails was on 24 February. The regulator reported that the criminals were trying to infect computers with a virus and urged law firms to improve their security and be sure to correctly identify legitimate emails from the SRA.
Those who receive emails that do not end with @sra.org.uk are urged to forward them to the regulator and delete them afterwards. Also, firms are advised to contact their IT providers as well as their bank if any attachments have been opened.
The government body is closely working with the National Fraud Agency to resolve the issue.