We operate in a world in which we are constantly exposed to criminal activity undertaken by sophisticated crime syndicates, normally based outside the country. There are several different types of crime and the type of scam is constantly evolving. There is a need for both professionals and consumers to be on guard and to be educated to spot the true scam attempts and to know what to do when one is identified.
A scam is a type of fraud that criminals use to trick both professionals and the consumer into giving up money and personal details. Sometimes criminals will use the names of law firms, solicitors or other individuals regulated by us to make their scam seem genuine, either with or without their knowledge.
Scams can take the form of unsolicited emails, text messages, telephone calls or direct mail. Emails sent can also contain viruses some of which are designed to allow the criminal to gain access to your computer with a view to obtaining personal details of clients, bank details and other confidential information. Alternatively the criminal take control only agreeing to release the captured data in return for a ransom payment.
One type of email is an email sent from an address which is not specific to the purported sending individual or firm but which purports to be from a member of a legitimate legal firm. Its this particular email which seems prevalent and which is now proving to be a daily occurrence. All one needs to do is to look at the Solicitor Regulation Authority Scam Alert Register to see how many of these are happening each week.
My question is that should this type of email, which is not by any means a sophisticated scam, be viewed as one which is reportable and allowed by some independent third party holders of this data, to suggest or imply that the ‘victim’ business may have in some way brought about the scam or is associated with it.
I say this is not a sophisticated 'scam' because to create an email address and to then add a simple signature strip to pretend the email has come from a particular legal practice does not involve very much ingenuity. It takes no longer than a a couple of minutes and to be able to send this out to other lawyers involves nothing other than a perusal of Find a Solicitor website. As I say not rocket science.
I have first hand knowledge of this since my business was reported to the SRA and has also as a result of the incident, had a “notice’ added alongside our name on a data base held by a well known commercial solicitor checking service.
The email had an attachment and was sent to a number of legal firms and was sent not from a clone of our business email address but rather from a personal email address. This was very clear and all that the email had which related to our business was the name of our business in a typed signature strip. The email was clearly a fake and unless the professional person receiving it has lived on a different planet for the past year or so, it should have been abundantly clear that the email was ‘spam’ at the very least, and should be deleted.
Our only connection to the email was the use of our name within the body of the email.
Notwithstanding this we were required to report it the SRA and as mentioned anyone searching our name on the SRA website and the third party database will see that we are associated with what should have been labelled 'spam' rather than 'scam'.
Not happy with this, we lodged a complaint with the SRA and wrote to the third party verifier. Despite these efforts we still have the 'scam' associated with our business and this has meant that from time to time we are required to defend ourselves when other businesses contact us enquiring about what happened and making sure we were in no way involved in the 'scam'.
My question is that should all types of spam be regarded as reportable, or is it reasonable to expect most lawyers, using both common sense and a degree of intelligence, to differentiate between a poor and pitiful effort to 'scam', as was the case here, and the more serious type of scam. Is there not a fear that by reporting everything that might look to be a scam ( whether it is or not ) the real and more damaging scam will become less visible to detect?
The argument advanced from the third party verifier is that ‘sadly not everyone spots the obvious and people are conned by emails purporting to be from legitimate firms when they are not’.
It also claims that the credibility of those businesses who appear to have been held ‘guilty’ for no reason other than association has not been affected by this type of scam. Its also argued that if someone purports to be you then you have a moral if not professional duty to warn your clients and other firms to ensure that they are not misled by criminals.
Fair points. However, the email in question was not directed at the consumer, it was an email which was being sent purportedly on behalf of our business from an email address which did not even feature our business name within it. The ‘red flag’ points within the email were clear and obvious. If the email address was a clone of our email address then yes we would have had a moral and professional duty to warn, but this was not the case.
Surely after all of the publicity and professional guidance issued over the past year or two, has the time not come for the SRA and commercial scam data base holders and publishers to be more discerning in the reporting and labelling of scam attempts. On this note, the third party company has refused to remove the notice registered against our name or to put an explanatory note against it.
By having this blot on our copy book through no fault of our own we do face the prospect of suffering damage to our reputation due to risk of other businesses dealing with us taking the view that we have been the subject of a genuine ‘bogus solicitor' attack when clearly we have not. I raised this with the third party data collector and publisher and was told this was nonsense. I have not take this any further but it would be interesting to take an opinion on whether the publisher of data which is capable of giving a misleading image of a business can be held accountable for any loss arising.
Hopefully those reading this will not consider that I am looking to undermine the fight against fraud. On the contrary I am saying that unless we can when receiving data be able to filter and correctly categorise the incidents there is a real danger that the profession will start to switch off to the threat due to the the overwhelming number of reports and warnings issued.