Protecting your firm if you fall victim to a scam

What is the issue?

  • the regulatory and legal requirements that apply when a firm's client account has fallen victim to scammers
  • overcoming problems which might otherwise lead to its failure and forced closure

Preventing scams and coronavirus

Law firms are a significant target for fraudsters during the coronavirus pandemic. They are handling large volumes of personal data including sensitive financial data and are stretched due to the need to provide ongoing legal services to clients while most staff are working from home with systems being used in a manner and volume that they were never intended for.

During the coronavirus pandemic, specific scams have included phishing emails sent seeking:

  • to impersonate organisations like the World Health Organisation (WHO), National Health Service (NHS) or the UK government
  • to encourage the recipient to follow malicious links, download malicious software (malware) or software that seeks to lock access to the system in return for payment of a fee (ransomware)

There has been a 400% increase in coronavirus-themed phishing emails in March 2020 alone according to UK Action Fraud. Google estimates that one in five of the 100 million phishing emails it blocks every day are coronavirus related, preying on the lack of knowledge, and in many instances, fear, of the recipient.

This practice note has been updated to reflect the risks created by the coronavirus pandemic and the reality of operating a law firm in conditions of lock down. It also includes links to additional advice and guidance that may help.

This practice note is the Law Society’s view of good practice in this area, and is not legal advice. For more information see the legal status.