Virus-infected emails purporting to come from the Solicitors Regulation Authority appear to be a relatively unsophisticated 'spear phishing' attack, an international expert on cybercrime said today.
The SRA has warned firms to beware of emails that purport to contain news about possible investigations but are sent from an address that does not end in 'sra.org.uk'.
Seth Berman, managing director in Europe of intelligence and risk management firm Stroz Friedberg, said the emails are probably an attempt to hijack law firms' systems with a virus in the attachment.
Spear phishing is a more targeted form of 'phishing' – the practice of sending fake emails to trawl for sensitive information such as passwords and bank account details.
'It's not sent out to 10 million people but rather to a very targeted specific group of people,' Berman said. 'If that's written well enough it is almost impossible to prevent.'
Fake emails seen by the Gazette purporting to come from the SRA are addressed to individual solicitors and include their SRA ID number as well as their office phone number. One header says: 'Important update from the SRA regarding your law practice, possible investigation'.
The SRA said that the information the scammers are using is freely available in the public domain and there is nothing the regulator can do to prevent these emails being sent.
Berman warned that law firms should be constantly aware of such threats.
'Law firms are a particularly attractive target – they are easier to hack than most organisations,' he said. Partnerships are vulnerable because they have a high proportion of senior staff members who may not understand IT and are reluctant to follow corporate security procedures.
A virus downloaded with an attachment can create a 'back door' through which hackers can 'literally take over your system,' he said. The perpetrators could be after personal data, credit card details or client information, he added.
The SRA urged recipients of the email to forward it unopened to firstname.lastname@example.org, and then to delete it. Firms that have opened the attachment are advised to report it to their bank and IT provider.