The Law Society has warned firms to be vigilant before opening emails after solicitors received scam ‘Trojan horse’ emails purporting to come from the Society.
The fraudulent emails have been sent from an email address that ends in @lawsociety.org.uk but opening with a random combination of letters and numbers, for example ‘firstname.lastname@example.org’.
They appear to have a Microsoft Word document attached and the subject line: ‘Notification regarding a fraudulent activity involving [recipient name]’. The attachment, concealed by the Word program logo, is a zip file apparently containing a virus.
The Society stressed that the messages do not come from the Law Society and should not be opened, forwarded or downloaded, but deleted. Recipients who have opened the email should contact their IT provider for support.
A Law Society spokesperson said: ‘The illegitimate emails are being investigated as a matter of urgency by The Law Society with the assistance of appropriate technical and law enforcement agencies, including the National Crime Agency. The Law Society systems have not been compromised, the emails are originating from a third party.’
The Society has also published a webpage with further guidance.
The scam resembles attacks on firms earlier this month in emails purporting to come from the Solicitors Regulation Authority.
Cyber-security experts described the attacks as relatively unsophisticated 'spear phishing', in which hackers send plausible-looking emails to individuals whose details are gleaned from public sources.
The aim is to persuade the recipients to open the attachment, which contains a virus capable of taking control of their systems and harvesting sensitive data such as passwords.