Law firms warned by regulator of new cyber-crime threat

Law firms have been put on high alert as the Solicitors Regulation Authority (SRA) warns of new threats impacting hundreds of firms.

Benoit Daoust

In an update, the regulator said it has experienced an increase in the number of reports of attempted cyber-crime and that some 500 firms may have been targeted in a cunning new scam. It also warned solicitors to take care that they did not fall victim to the attempted infiltration of IT systems. The regulator explained how the scam works. It said that firms were sent emails requesting their services and once they reply they are sent attachments or links – both of which could contain malware which would allow the perpetrators to obtain passwords or financial details, copy or modify data on the system, and allow hackers to get into the firm’s network. Lawyers should pay particular attention to emails like this which relate to property sales and are sent from a recipient pertaining to be Margaret or Mary, it said. The SRA said: ‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business.’


Other advice from the regulator includes using cloud-based computing for storing, accessing and processing information as well as keeping software up to date, using anti-virus systems and encryption on mobile devices. It also recommends that files are backed up regularly and firms should ensure at least one back-up that is not directly and regularly connected to the main systems.


In 2016 the SRA had reports of around £7 million of client money lost to cyber-crime – with small businesses being the victims in nearly 50 per cent of cases. Anyone who believes they might be the subject of such a cyber-attack scam are being urged to contact both the SRA and the police.

Email your news and story ideas to: [email protected]