SRA Warn Conveyancers And Solicitors Over Fresh Phishing Scam

The SRA have warned its members of another high profile email conveyancing scam.

The Solicitors Regulation Authority (SRA) have warned its members of another high profile email conveyancing scam that is currently targeting a number of conveyancing firms.

A number of solicitors have been sent an email claiming to be from SRA regulated law firm, Percy Short & Cuthbert.

The email’s content convincingly references a revision to a proposed completion statement. The email purports that the Stamp Duty Land Tax (SDLT) amount has been included along with an appointment time and date for signing vital documents.

The email’s call to action instructs the email recipient to open the attachment and review the documentation.

Whilst this is all vital and important information, the email is not genuine. The fraudulent document uses clear and sophisticated social engineering techniques by adopting a common lexicon associated with a house moving process.

It is advised that any conveyancers who receive an email from this firm should avoid opening any link as it may contain malware that could expose your firm to severe vulnerabilities.

The SRA have confirmed that they authorise and regulate a genuine firm currently operating using the name Percy Short & Cuthbert Solicitors.

According the SRA security team, the email, sent by the cyber criminals, originated from Jantakan Yotaka, using the email address, juntakan.yo@cspsteel.com.

The genuine firm confirmed that it has no connection to the phishing email being sent to various conveyancers. Any communication sent by Percy Short & Cuthbert Solicitors will use the domain www.percyshort.co.uk.

The SRA advise:

“When a firm’s or individual’s identity has been copied exactly (or cloned), due diligence is necessary. If you receive correspondence claiming to be from the above firm(s) or individual(s), or information of a similar nature to that described, you should conduct your own due diligence by checking the authenticity of the correspondence by contacting the law firm directly by reliable and established means.

“You can contact the SRA to find out if individuals or firms are regulated and authorised by the SRA and verify an individual’s or firm’s practising details. Other verification methods, such as checking public records (e.g. telephone directories and company records) may be required in other circumstances.”

Cyber crime is becoming ever more sophisticated, more frequent and wide ranging, especially in the legal sector so it’s important to understand and keep abreast of the different types of cyber threats.

Phishing has been cited as one of the most common cyber threats to law firms and the most effective form of infiltration. The SRA highlighted this year in a presentation about cyber crime that the vast majority of cyber attacks reported to them involve email compromise – and everybody is now 20 times more likely to be a victim of cyber crime than a victim of in-person crime.

To avoid sensitive data being stolen it is vital that firms implement cyber security measures so that they are not exposed to cyber criminals. To shield yourself from email impersonation fraud you should install Lawyer Checker’s DMARC’s service. This sophisticated web-based system effectively secures your firm’s email by actively blocking phishing attacks and preventing 3rd parties from impersonating your email domain to any recipient such as your clients and employees. 

Cyber crime is certainly showing no signs of slowing down in 2019 with the SRA reporting many scam alerts. It is therefore imperative that all firms put strong security measures in place to avoid sensitive data from being stolen causing irreparable reputational damage.