Beware of a spate of fraudulent emails apparently from the SRA, relating to investigation of your firm. There have been two known versions, around 24th February, and again since 3rd March. These look, to all accounts, like legitimate emails from the SRA, but contain dangerous viruses which could prejudice your system security.
To date, these can be spotted by checking the addressee: if it comes from [xx]@sra.org, rather than [xx]@sra.org.uk, then it is a fraudulent email.
If you receive an email message of this kind, please forward it to email@example.com then delete it.
If you have already opened an attachment to a message of this kind, you should report it to your bank and IT provider.
Below is an example of the scam email message solicitors' firms received on 24 February. Details included in the actual emails include the addressee name and the name of the firm name, and an SRA ID number. The emails received in March follow a very similar format.
From: Solicitors Regulation Authority (SRA) [mailto:firstname.lastname@example.org]
Sent: 24 February 2014 15:11
To: Xxxxxx Xxxxxx
Subject: Important update from the SRA regarding your law practice (XXXX XXXXXX XXX), possible investigation
Important update from the SRA regarding your law practice, possible investigation
For the attention of XXXX XXXXXX XXX (XXXXXX- -).
We have received a complaint regarding your law practice and we will soon begin an investigation regarding your activity starting with the 1st December 2013 until the present day.
We will also call the following number: XXXXXXX.
Please find the complaint attached.
How Lockton can help
Information Security is an increasingly important and complex issue for law firms. We have recently held a Risk & Compliance Forum on the subject - and will be following this up with a webinar on the same topic, to be scheduled shortly. Check our events page for details.
While more and more firms are looking to cyber liability cover, the first priority should always be implementation of practical risk controls. Clients can download our guidance notes on a range of information security topics by logging in to our secure client site. Alternatively for advice on a specific issue of concern, contact our Risk Manager, Calum MacLean.