The Solicitors Regulation Authority has issued a warning over a scam email purporting to be from the regulator which contains malware.

The email falsely claims to be from the SRA and provides a QR code which the recipient is purportedly required to scan promptly. The QR code claims to be for ‘2FA Legal Membership Agreement’ but the regulator said the ‘concern is that the QR code may contain malware’.

The regulator routinely uses email to inform individuals and organisations of news, time-sensitive regulatory requirements and other important information. The notice advises recipients who receive emails claiming to be from the SRA to conduct their own ‘due dilgience by checking the authenticity of the correspondence’. 

Details of the purported email address are not being made public as doing so might aid scammers and encourage complacency, the SRA said. 'It’s best practice for the profession to be wary about any email with an attachment from an address they are not familiar with,' a spokesperson added. 'If we give info that asks them to be aware of one specific address, they might not take as much care as they should with others.'

This is far from the first apparent attempt to impersonate the SRA to compromise law firms’ IT systems. The regulator said it issued 260 scam alerts last year and 187 so far this year. 

In 2021, the SRA said ‘a large number of firms’ had recieved an email claiming to be from the regulator which ‘probably’ contained a link that would have allowed malware to be installed.  Firms were contacted by ‘various scammers’ pretending to be from the authority in an attempt to ‘extract senstive information or payments’, the SRA said at the time. Scam emails then also included firms being asking to fill out a compliance questionnaire.