How to detect a cyber-attack via email at your law firm

Two office workers touching a cyber security icon on a window screen


The SRA recently confirmed that 100% of the reports of cybercrime they had came from email fraud. In addition, 98% targeted conveyancing, as it’s easier for fraudsters or baddies to try and defer large sums of money in this area of law. It’s therefore hugely important that law firms understand how to detect a cyber-attack via email.

This blog explores the various signs to identify suspicious emails that may lead to a cyber-attack via email.

Why do scammers want to access your email account?

Before looking at how to detect a cyber-attack via email, it’s important you understand why baddies want access to your email account.

When they have access to your email account, they can see emails that have come in and gone out of your account. This will give them access to a wide range of data.

This is especially dangerous for law firms as it could include details of transactions that are about to be made, together with personal details of those involved in the transactions. This could significantly help them when they’re trying to commit fraud.

Having access to your email account will also mean the baddies will have access to your calendar. If they’re planning to send fraudulent emails from your account, it’s more likely that they’ll do it when they know you’re not going to be online. That way, there’s more chance of you not noticing suspicious activity until it’s too late, and the damage has already been done.

What are the signs to identify suspicious emails that may lead to a cyber-attack?

When looking at how to detect a cyber-attack via email, there are numerous signs to look out for.

1. Emails with links asking you to sign into your account

The easiest and most common way for baddies to access your email account is by sending you a link, asking you to sign into your account. There are many different ways they do this. It might be an email from an account that appears to be Microsoft or Google, asking you to re-enter your password via a link. It might be an email from another source asking you to log into your email from a link, so you can sign a document. Even if it’s from an email sender you know and trust, their email account may have been hacked.

When you click on these links, the pages you go to are not genuine and instead of logging into your account, your details are stored. So, avoid clicking on these links in emails.

2. Emails saying that bank account details have changed

You’ll no doubt have heard about, or even received, emails that say things like “we’ve just changed our bank details”. Again, even if you trust the sender as you know them, they too may have been hacked, so it’s important to verify this. Give the person a call but don’t use the phone number on the suspicious email.

If you don’t verify this and it is the baddie’s bank account, it’s unlikely that you’ll see that money again.

3. Emails no in the style you'd expect from the sender

When you receive emails from suppliers, colleagues, clients, friends or family, usually, they tend to have their own style, using specific language and terminology. If you receive an email from someone you know, and it doesn’t use the style you’d expect from them, you should consider the email suspicious.

Again, try to authenticate the email by speaking to them, but if you call them, don’t use the number on the suspicious email. Remember, the email might be coming from the genuine sender’s account, but it doesn’t mean it’s them.

Knowing how to detect a cyber-attack via email from someone you don’t know when you don’t know their style, can be trickier. However, you can still consider the style. For example, if it was coming from a lawyer from another company, are they correctly using legal terminology?

Regardless, if anyone is asking you to transfer money, or do something else which may lead to fraud, think twice!

4. Emails with a sense of urgency

Many baddies send emails that ask you to do something as a matter of urgency. This could be something such as, your account will be deleted, or you’ll be fined if you don’t pay within a short space of time. They may even send emails posing as a manager from your business, asking you to transfer money, for example, saying they’re stuck in a conference and urgently need to make a payment, but their card is blocked.

Baddies want you to panic. They know you don’t want accounts to be deleted, get fined, or get in trouble at work, so you’re likely to take action quickly, as you’ve had little time to think.

The SRA recently said that 82% of the breaches that had been reported to them were as a result of human error, due to being under pressure. Therefore, if an email suggests you make a transaction quickly, don’t panic, think twice and do your due diligence.

5. Emails with signatures that are not quite right

Many baddies pose as reputable organisations, such as Gov UK, Royal Mail, high street banks, etc. Therefore, they include an email signature from that organisation, which often includes a logo.

It’s important to always check the email signature as there can be clear signs in detecting a cyber-attack. The signature and disclaimer may not use the right language or terminology or may even have spelling errors. The logo may be pixelated, stretched, or just seem a little off. If the email signature is suspicious, don’t click on any links.

6. Emails with email addresses that are suspicious

You may receive emails that name the sender and appear genuine. However, if you click on, or hover over, the email sender’s name, the full email address can be seen.

Baddies often have email addresses that appear suspicious and don’t fit with the person they’re pretending to be or the company they’re pretending they’re from.

7. Emails that aren't expected

Although we receive emails all the time that we’re not expecting, if you receive an email asking you to do something that may be considered suspicious, and you weren’t expecting that email, this may be a cyber-attack via email.

Again, you can call or speak to the person the email is from to determine whether the email is genuine.

8. Emails from clients saying there are last-minute changes

Just like with AML, emails that ask for last-minute changes, such as changes to the amount to be transferred, or changes to the bank details are suspicious.

Pick up the phone and speak to the client before you carry out any changes that the email suggests. Last-minute changes can be a red flag, so make sure you do your due diligence.

9. Emails on Friday afternoons

In conveyancing, a lot of completions take place on a Friday afternoon. As it’s the end of the week and many people are tired and want to get home for the weekend, it’s when baddies know lawyers are at their most vulnerable. Therefore, a lot of cyber-attacks via email take place on a Friday afternoon. This is called ‘Friday Afternoon Fraud’.

Therefore, make sure you continue to be vigilant on a Friday afternoon. Never act on impulse and get dragged into the urgency of an email, and treat all emails with caution.

Does a telephone call to the sender prevent a cyber-attack via email?

The clear and simple answer is no. The tactics of scammers are becoming more sophisticated and sometimes, you can make a call to the sender to check if the email is real, and actually end up speaking to the baddie!

When you get a phone number to call, you should also do your due diligence on that phone number. Check their website, check directories and do internet searches on the phone number to check if it’s genuine. If the phone number isn’t the genuine phone number of the genuine person, you’re more likely to find an inconsistency somewhere.

It’s important to note that there have been times when numbers appear genuine, even after due diligence checks. So, you really need to watch out for the other signs and be extremely cautious.

If you’ve fallen victim to a cyber-attack via email and transferred funds, can the recipient’s bank help?

If you find out you’ve fallen victim to one of these scams and transferred funds, the speed of your response is extremely important.

Don’t wait for your bank to contact the recipient’s bank. Find out which bank the money has been transferred to, by checking the sort code. Then, phone that bank, explain the situation, and ask them to put a hold on the recipient’s account. Although the recipient’s bank is under no obligation to do this for you, you may get someone on the line who’s willing to cooperate with you.

Remember, you don’t have days to stop the recipient from taking money from their account, but hours or even minutes. If you leave it too long, the baddies are likely to have cleared that account and you’re unlikely to ever see that money again.

Preparing for a cyber-attack

With every preventative measure in place, cyber-attacks can still happen. That’s why it’s extremely important to have a process in place in the event that one does happen.

We’ve prepared a useful guide on preparing for a cyber-attack which you may find helpful.

Get in touch

If you need advice or would like to talk to us about one of our products or services, simply get in touch and one of our experts will be happy to help.


Testimonial from Right Legal
"We have been using Teal to support our compliance frameworks, and every aspect of our experience with them has been fantastic. From the training to the audits, and especially the ‘Ask Teal’ helpline, nothing is too much trouble, and you get quick support from some of the industry’s best compliance experts. Just having them there to support our continued growth takes a huge weight off my mind. Highly recommend to firms of all size and structure!"
Get in touch
Testimonial from Constantine Law
"We rely on Teal Compliance to provide responsive, practical compliance services to Constantine Law (we do not have an in-house compliance officer/function). I would encourage all solicitor firms without their own resource to engage with Teal: they know what they are doing and they provide peace of mind regarding day-to-day compliance matters as well as responses to unforeseen (tricky) compliance matters. They have become an indispensable partner to Constantine Law in our growth journey."
Get in touch
Testimonial from Streathers Solicitors
"We have worked with Teal for several years. They have provided us with AML training and also helped us put together our firm-wide AML risk assessment and our updated AML policy, along with assisting us with various issues as and when they arose. We have always found them to be very helpful, friendly, responsive and knowledgeable, and are happy to recommend them."
Get in touch
Testimonial from Streathers Solicitors
"We have had a relationship with Teal for a number of years and they have provided a valuable resource to our compliance team. Teal combine the delivery of a personal and friendly service with city level expertise."
Get in touch
Previous slide
Next slide