Online scammers and phishers are masquerading as associates of the UK’s largest law firms, such as DLA Piper, and sending phishing emails to targeted victims to lure them into transferring money into the scammers’ accounts, the Solicitors Regulation Authority has warned.
Late last week, the Solicitors Regulation Authority warned people that certain unknown cyber criminals were sending emails to unsuspecting targets by misusing the identity of solicitors Anna Middlebrook and Alan Cunningham of DLA Piper UK LLP.
Scammers masquerading as associates of top law firms
Those behind the scam created a fake domain to assume the identity of DLA Piper, then sent emails in the name of the firm’s solicitors from fake email addresses that mimicked the genuine addresses of the two solicitors.
While solicitors Anna Middlebrook and Alan Cunningham own email accounts “email@example.com” and “firstname.lastname@example.org” respectively, email addresses used by cyber criminals to assume their identities were “email@example.com” and “firstname.lastname@example.org”.
“The scam followed a third party’s systems being compromised, and email addresses being set up to resemble those of genuine parties and their solicitors. Payment was then made into a fraudulent bank account,” SRA said.
“When a firm’s or individual’s identity has been copied exactly (or cloned), due diligence is necessary. If you receive correspondence claiming to be from the above firm(s) or individual(s), or information of a similar nature to that described, you should conduct your own due diligence by checking the authenticity of the correspondence by contacting the law firm directly by reliable and established means,” it added.
Earlier today, the authority also warned that unknown scammers had created fake email addresses to assume the identity of one Ella Farmer of Thorne Segar Limited and were sending fraudulent emails, which provided a link to an attachment, to genuine firms and members of the public.
“The email seen by the SRA was entitled “Urgent Notice, FYI” and included an attachment which the reader was asked to review. A concern is that the link may contain malware. The email appears as if it were sent by the genuine individual and misuses the genuine contact details of the genuine firm. A concern is that the link may contain malware,” SRA said.
Yesterday, the Solicitors Regulation Authority also learned that scammers were sending emails to members of a genuine law firm by claiming to be Louisa Cilenti who is a director at the genuine firm of Lux Nova Partners Limited. The emails were titled “follow-up” and provided a link to a “remittance update”.
Phishing attacks unlikely to reduce as long as they are effective
Phishing attacks have been among the major worries for organisations based in the UK because cyber criminals use them to infiltrate organisations’ IT networks, steal confidential enterprise and customer data, and disrupt operations.
Recently, security firm Agari warned that a Nigeria-based cyber crime group called London Blue had prepared a list of more than 50,000 corporate executives who it aimed to target with spear-phishing attacks in the near future.
The targeted executives work at some of the largest multinational corporations, several of the world’s biggest banks, large mortgage companies, and other small and medium companies across the globe, with over half of them based in the United States.
“While involving employees in cyber security best-practice training course can certainly help to reduce the risks posed by phishing attacks, organisations should also consider more proactive methods to spot malicious domains before they strike, and should invest in an efficient, regularly updated email filtering system,” said Corin Imain, Senior Security Advisor at DomainTools.
“We are unlikely to witness a decrease in this kind of attacks as long as they continue to be effective: there needs to be a conscious, collective effort to minimise their success in order to make them go out of fashion,” she added.