The Solicitors Regulation Authority has urged firms to increase their cybersecurity after fraudsters tried to pose as the regulator to hack into computer systems.
Emails sent out to firms this week falsely claiming to be from the SRA were in fact attempts to infect systems with a computer virus.
The emails refer to a complaint against the practice being contacted and warn that an investigation is about to begin. They come from addresses ending in sra.org rather than the official sra.org.uk.
An SRA spokesman told the Gazette its email system had not been hacked but instead someone had set up emails to appear to be from the regulator.
Anyone receiving the message should forward it to the SRA and then delete it. If you have opened an attachment, this should be reported to your bank and IT provider, the warning said.
Andrew Garbutt, SRA director of risk, said: ‘This scam shows that the risks we are identifying are very real with genuine consequences, and that all firms should make themselves aware of the issues, assess how they could affect them and take steps to mitigate against them.’
The attempted scam came just days before the SRA was due to release new guidance on how to deal with online fraudsters, hackers and activists.
The SRA said it did not want to alarm firms, but stressed the impacts of cybercrime can present a ‘significant risk’ to clients and their assets and have a negative impact on the structure of the firm.
Firms can adopt controls including ending or restricting the use of email attachments in favour of secure direct logins and keeping anti-virus software fully updated. They should also ensure staff can access only files that they need, to protect against insider attacks.
The SRA cited advice from the Department for Business, Innovation and Skills recommending that firms should see managing the risks of cybercrime as a ‘board-level or senior management responsibility’.
‘Treating this risk only as a technical area for IT specialists can lead to many important preventative measures being missed,’ added the guidance.
‘Firms that have reason to believe they may be the targets of more deliberate attacks, for instance for the purposes of commercial espionage against major clients, should consider taking expert advice.’