Secretaries and junior lawyers at an array of law firms have been targeted in a mass phishing scam.
Employees received emails last week purporting to be from senior partners. At one London firm, PAs and young, female lawyers were specifically picked out by the fraudsters.
"All the PAs received a message ostensibly from the senior partner asking them for help with an urgent matter which turned out to be spending £1500 on iTunes gift cards", said a source, who asked for her firm to remain anonymous.
The emails were sent from a temporary Gmail address, phrased to read "just like a c-level lawyer unused to doing their own messages", said the insider. "The fact that the scammer was there and responding immediately made it even more convincing".
Victims were told to buy hundreds of pounds' worth of iTunes gift cards for an urgent presentation, and to email the unique codes to the 'partner'. The conmen relied on some of the targets not being familiar with the widespread scam, in which the scammers sell the codes on, or buy items from Apple, at their victims' expense.
A source passed on correspondence between a PA and a scammer:
"She cottoned on shortly after this", said the insider.
DLA Piper said a small number of its people were hit with spoof emails but that, in all cases, "they were quickly reported to our Information Security team without engaging with the scammer". As they should, given that DLA Piper goes as far as to put staff through fake scam exercises. A spokeswoman said, "we regularly remind our people of the importance of vigilance and also run exercises with phishing simulation providers* to ensure our people can recognise a phishing attempt and know what to do if they receive a suspicious email".
*But what if the scam simulation company is a scam? What if this is a scam? Find out by submitting your bank details here.