The Law Society has been made aware of a case where a solicitor’s email system has been compromised, giving the fraudster access to their system.
The fraudster then sent phishing emails from within the system to other members of the profession. This phishing email contains a link to a document purporting to be a Contract for Sale. Given that the email was received from a colleague and appears to relate to a legal transaction, the recipient solicitor is less likely to be suspicious of its contents. (In this case, the recipients have been notified that the email was not genuine).
Following the link allows the fraudster to gain access to the recipient solicitor’s email system. This method has then been used to send emails to the recipient solicitor’s clients requesting that funds be sent to fraudulent bank accounts.
If you receive an email that you were not expecting or which appears unusual, requesting you to follow a link or click on an attachment, please contact the sender by a secure means, for example, from a known phone number and not that contained in the email or by post, to ensure its veracity, prior to clicking on the link. Please also ensure that all members of staff are aware of the possibility of fraudulent attachments or links contained in emails, regardless of the sender.
What to do in an emergency
If you have clicked on a link, contact your IT providers immediately and ensure they interrogate your system to ensure any malware installed is removed and the system cleaned. Also, ensure that no emails have been sent from your email address to others without your knowledge.
If you are a victim of a cyberattack, please contact the Cybersecurity team at cybersecurity@LawSociety.ie and a member of staff will contact you to provide any assistance possible.