On Monday 24th February a number of law firms began contacting the SRA because they had received an email with the heading:
Subject: Important update from the SRA regarding your law practice (XXXX & Co), possible investigation
To make it look genuine, the email contained the firms correct DX address and phone number. It went on to say:
We have received a complaint regarding your law practice and we will soon begin an investigation regarding your activity starting with the 1st December 2013 until the present day.
One Bold Group member firm called professional ethics: “I only got out the words “We have received an email” when the guy at the other end told me it is a scam, they have received hundreds of calls and are hoping to issue a bulletin shortly.”
Another said: “As the email looked genuine I naturally tried to open the attachment to see what the “complaint” was about. I wasn’t able to open it, there was a short message saying that I needed the correct Macros to open the attachment.
I then emailed SRA (by means of the “Reply” button), to ask them to send the details of the “complaint” by way of a PDF, but within a few seconds an “Undeliverable” message came back.
Finally I called the SRA, and having pressed option three of six equally inappropriate sounding options. I got a recorded message to the effect that a number of firms have received a spoof email about a possible complaint, and that you should not open the attachment.
So from the elation of establishing that there is not a complaint against the firm which is likely to lead to an investigation, in the same instant you realise instead, that you may have introduced a deadly virus into your network, which could trash your system.
I assume the SRA has been aware of this for a few days at least, to have been able to put a recorded message on their system, but would it not have been a good idea for them to notify all firms immediately, rather than just leave a message for already panicked principals and partners to pick up when they phone in to ask for details of the “complaint?”
Rob Hailstone, founder of the Bold Group, said: “When you receive an email, during the course of a busy day, purporting to come from the very authority that warns you about scam firms and scam emails it very easy to be duped into opening dangerous attachments or follow risky links. All lawyers and support staff should be made aware of the damage scam emails can do. I make it a priority to notify my member firms every time the SRA posts or sends out a fraud/scam alert. You can’t be too careful.”
There is now an official warning now on the SRA website: