Social-engineering scam hits DLA Piper lawyers in the UK

The ruse followed a third-party system being compromised

Social-engineering scam hits DLA Piper lawyers in the UK

Scammers posing as DLA Piper lawyers in the UK have used a social-engineering scheme to trick an entity out of money.

The Solicitors Regulation Authority (SRA) has warned that emails impersonating partner Alan Cunningham and associate Anna Middlebrook have been sent by scammers. Both lawyers are in the asset finance practice of the firm, which Cunningham leads in the UK.

“The SRA has been informed that a false domain name has been created to adopt and assume the identity of DLA Piper UK LLP. The emails seen by the SRA were sent from ‘[email protected]’ and ‘[email protected],’” the SRA said.

“The scam followed a third party's systems being compromised, and email addresses being set up to resemble those of genuine parties and their solicitors. Payment was then made into a fraudulent bank account,” it said.

The authority reminded people that DLA Piper UK LLP uses emails with the domain name of “@dlapiper.com.” It said that both the genuine firm and the solicitors mentioned above said that they are not connected to the emails that prompted the SRA alert.

DLA Piper said that it worked with the SRA to raise awareness of the scam and ensure that email addresses can be easily verified, Legaltech News said. The firm said that suspicious emails should not be answered and should be deleted. It also said that any ambiguity over the authenticity of correspondence can be directly brought to the firm’s attention.

The SRA also advised due diligence, saying that if people or organisations receive correspondence similar to that used by the scammers, they should verify the authenticity of the correspondence by contacting the law firm directly by “reliable and established means.”

It said that the SRA can be asked whether individuals or firms are regulated and authorised and whether an individual’s or firm’s practicing details are genuine. It also said that other verification methods, including checking public records, may be required in other instances.