Bogus law firms on the increase

The number of fake law firms created to scam money from clients has increased by 57 per cent, a report from the SRA has revealed.

Spiders in the Web was published by the SRA a week earlier than planned in light of the recent scam emails carrying the name of the SRA, with an attachment that was possibly intended to harvest information from the addressed person’s computer.

These bogus law firms make up part of the growing wave of cybercrime that is targeting the legal practise and according to the paper the SRA received 549 reports of fake firms in 2013.

Many of these bogus firms steal the identity of existing law firms and advertise online to steal money from clients who think they are dealing with the real organisation.

The report highlights points out that cyber crime is becoming an increasing problem for law firms, with 63 per cent of small businesses attacked by an unauthorised outsider in 2013.

The growing wave of cyber crime can come in the form of hacking and malicious software to more specific crimes involving ransoming data and online activism.

An example detailed in the report is of ‘ransomware’ called Cryptolocker, which infects a computer through bogus attachments in emails and encrypts data on the computer, before leaving a warning message on the computer that the person has 72 hours to pay $300 or the encryption key to decode the data will be deleted, rendering the files unopenable.

Other examples highlighted the theft of data as part of corporate espionage including countries like China and Iran, while it was reported that it take 90 days to two yearsfor firms to realise they have been infected at all.

The SRA reminded legal practitioners that Spiders in the Web is intended only to highlight the emerging risk of cyber crime and help law firms ensure they go from ‘soft to hard targets’ through simple, straight forward measures that become good practise, including GCHQ’s ten-step guidance on security.

Some of these measures include regularly reviewing online security controls and password policies, as well as limiting data removal for staff in favour of online logins.

Further recommendations include treating cyber security as a senior management task, rather than delegating it to IT departments and also regularly searching their name online to combat fake branches.

Andrew Garbutt, SRA director of risk, said the SRA e-mail scam “shows that the risks we are identifying are very real with genuine consequences, and that all firms should make themselves aware of the issues, assess how they could affect them and take steps to mitigate against them”.

The cyber crime report Spiders in the Web can be found here: The scam involving the SRA can be found here:

Do NOT follow this link or you will be banned from the site!