Scammers have attempted to infiltrate the IT systems of hundreds of firms, the Solicitors Regulation Authority has reported.
In an update published today, the regulator said it has seen increasing reports of attempted cyber-crime and warned solicitors to be wary of falling victim.
Firms have reported being sent emails saying their services are required: after they respond, the scammers send attachments or links to websites.
These attachments and links might contain malware which allows the perpetrators to control or undermine IT systems.
The SRA said some of the emails relate to a property sale and are sent from a ‘Margaret’ or ‘Mary Smollins’. The email firstname.lastname@example.org has been used to send rogue messages.
The SRA said: ‘While genuine potential clients might indeed send information in this way, law firms should be wary of the risks of malware infecting their IT systems, and take action appropriate to their business.’
Once malware is on a system, it can record everything typed over a long period to obtain passwords or financial details, copy or modify data on the system, and allow hackers to get into the firm’s network.
Firms are advised to use cloud-based computing for storing, accessing and processing information and to inform the police and SRA immediately if they have been contacted via these emails.
Other steps can include keeping software up to date, using an anti-virus system and using encryption on mobile devices. Files should also be backed up on a regular basis including at least one back-up that is not directly and regularly connected to the main systems.
In 2016 the SRA had reports of around £7m of client money being lost to cyber-crime. Almost half of all cyber attacks are aimed at small businesses.