Cybercriminals are eyeing up lawyers working from home as potentially easy targets for online fraud, the profession has been warned.

The Solicitors Regulation Authority said today it has received specific reports about law firms being targeted by criminals during the lockdown. In one attempt, fraudsters tried to create a standing order for £4,000 a month from a firm’s client account.

It is thought that perpetrators are trying to take advantage of lower levels of security brought about by remote working. Lawyers working from home for the first time may also drop their guard when outside of the office environment.

At the same time, solicitors are still handling sensitive information and large amounts of money, making them an ideal target for cybercriminals.

Paul Philip, SRA chief executive, said there was no sign that the threat of cybercrime was going away during the pandemic.

‘Criminals are always looking to take advantage and they know that security arrangements are likely to have changed as people move to homeworking,’ he said. ‘Several agencies have reported a spike in cyberattacks and we are beginning to get reports from firms that have been targeted.’

The National Cyber Security Centre and Action Fraud have already warned of the rising threat of cybercrime at this time. Spikes have been noticed in attacks on smaller businesses, while the NSCS reported a 400% increase in attacks across all businesses during the first two weeks of lockdown.

In the last month, the agency has removed more than 2,000 online scams, including 200 phising sites seeking personal information such as passwords or credit cards, and 555 malware distribution sites set up to cause significant damages to any visitors.

The SRA, which has published advice on stopping attacks, says firms should be training individuals about how to spot and combat fraud attempts, as well as introducing sensible and pragmatic security arrangements.

Laptops should be encrypted and systems installed to track and delete data from tablets and phones if they are lost or stolen.

Many firms are using remote meeting systems for team communications, but there have been cases of unauthorised people hijacking meetings where this platform has not been used securely.

Meeting hosts should set a password for access, set screen sharing to ‘host only’ and not leave meetings set to ‘public’.


*The Law Society is keeping the coronavirus situation under review and monitoring the advice it receives from the Foreign & Commonwealth Office and Public Health England.