how to spot scam solicitor emails
Do you know how to spot scam solicitor emails?
We want to create a library of the different types of scam solicitor emails. From phishing emails to full on embedded links with viruses.

By having a centralised gallery we can help the legal industry spot and block scam emails. Updated with examples up to 19/07/2024.

How to spot scam solicitor emails

(Last Updated: 23/10/2023)
9 min read
Property solicitors find themselves under attack from cyber criminals using increasingly sophisticated techniques to obtain their clients' data. Conveyancing clients are a prime target for this type of scam as, in most cases, they hold a large sum of money that they are looking to use to buy a property or are expecting proceeds from the sale of their homes. In 2017 cyber crime robbed clients of £7 million and in 2015-16 £1 billion was lost to business from online crime (source: Solicitors Regulation Authority).

The Solicitors Regulation Authority (SRA) understands the importance of vigilance in relation to cyber crime and has highlighted some of the more important areas to be briefed about within a release by its Chief Executive Paul Philip called IT Security: Keeping information and money safe.

In our article, Conveyancing scam could cost you £1,000s we highlighted the risk of fraud relating to bank details, however we are seeing new techniques being used and this article is aimed at helping you spot and combat these evolving threats.

What are the risks of scam solicitor emails?

Knowing what the risks are will help you check and spot them when they appear in an email.

What is it?
How can you spot it?


viruses can cause anything from comparatively minor to very serious damage to your hardware, software or files. You can only get a virus if a computer user runs an infected program from a link in an email or an attachment. If a solicitor gets a virus then the virus can spread to other computers both in their office and to their clients and other solicitors by sharing infecting files or sending e-mails with viruses as attachments in the e-mail.

The only way a virus can get into your PC is by clicking a link on an email, on a website or via a data stick or CD. Viruses need to be let in, they can't find their own way in.


A worm is like a virus and spreads from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm is very dangerous for a conveyancing solicitor as it can copy itself and email your contact list.

The only way a worm can get into your PC is by clicking a link on an email, on a website or via a data stick or CD - just like a virus.


A Trojan horse is not a virus. It is a destructive program that mimics a genuine application - it might, for example, look like a link to a OneDrive file. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users and/or programs access to your system, allowing confidential and personal information to be stolen.

Aa Trojan can only gain access to your system if you let them like a virus or worm.

4 Tips on how to spot and combat scam emails and email hacking


    Check the download link from clients

Businesses often email with links embedded into words. These words lead you to believe that by clicking them you'll go somewhere useful or informative, however when you click the URL it can download a virus, worm or Trojan. This is an example of how you can hover over a link before clicking it to see what the link is before you click it - Hover over here and look to the bottom left of your monitor to see the URL. When you get a link in an email if you hover over it the link will appear above the word. Make sure not to click on any link when you do not recognise the URL.


    Check the name and email address

You sometimes get a name at the top of the email next to the email address of who has emailed you; especially if you email that client on a regular basis. Scammers use this technology and show the name of someone you recognise, but the email address is different. Always report these emails as spam and flag them to your IT department.

Scam email addresses and names to watch out for:

Do not reply to these emails

Name of Sender
Scam email address of sender
Robert Arthur - now not all emails like this are scam as many clients use an alias such as or however you will need to clarify with your client that this is a real email and not a scam.
Rachelle Moskowitz | Kingford Solicitors - if this was from Kingford Solicitors then the domain for the email wouldn't state
James Woods | Savills - if this was from Savills then the domain for the email would be Savills not using two ii's - saviills


    Were you expecting the email?

Scammers often hide behind a well-known brand or brands to get a solicitor to click on a link they believe to be real or relevant. These messages could be:
  • Microsoft Outlook - Your account has been temporarily blocked. Click the link to activate.
  • Microsoft Outlook - Message failure.
  • Microsoft Onedrive - Click to download documents.

Here are some examples of what scam emails look like

[None of the example emails below have clickable links]

Solicitors email hacked - Example

Solicitors email hacked Example2

Solicitors email hacked - Example3


    Some emails look very real

As we have seen above scammers often design emails to play upon what a solicitor would expect to see in a bona fide email message - for example, emails which concern unblocking an account or dealing with a change of password issue - which might be seen quite often by solicitors, which is why scammers focus on these messages. The challenge though is how the scammers are evolving their messages to link into the conveyancing process and for the client and the solicitor it could be a very authentic-looking message (as you'll see in the example below). The things to look for in the email are:
  • Email format - does the email have a salutation, use first names (or last if this is your normal communication style) and does the signature look the same as previous emails received? Scammers struggle to replicate the formal format of a solicitor.
  • Does the email make sense? - scammers aren't property solicitors so the context in the email is often incorrect.
  • Spelling and grammar - as sophisticated as email hackers are, their spelling and grammar are more often than not atrocious. Look for this as a sign of a scam email (see the example email below).
  • Are the email address and name the same? - unless the email hackers have access to your email exchange they are unable to email from your email account. For example, only our company can email from my email address (unless your computer has been hacked - see below) However, email scammers often use similar email addresses to make it seem the email address is correct. For example, or The SRA reported in 2017 that 500 law firms had been targeted by clients using this approach (these are just the reported cases).

Example of scam email content

I confirm that the Property that you are purchasing has got good and marketable title and there are no adverse conditions affecting it.

You are required to make payment of outstanding funds of purchase price for completion to occur, what date do you intend to make payment, do you have funds in place ? what date is suitable for completion to take place, i will advise completion should take place before the end of next business week, let me know so i can forward our Client care account for receiving funds.

I look forward to hearing from you in due course


As you can see, the spelling and grammar are bad in this email and the context shows a lack of knowledge of the conveyancing process. If you receive an email like this never reply to it and flag it to your Manager or Head of IT.

What can you do to protect yourself?

Although Microsoft Office has a robust defensive 'auto-junk' tool, cyber criminals are getting more and more sophisticated.

It's always worth getting an extra layer of protective software for your system/s.

While I don't publicly endorse any software commercially here, I've found Malware Bytes - which you can download for free - to be an excellent program for this purpose: you can run an audit of all your computers (on a 'one-by-one' basis) periodically to check for threats (and quarantine/delete them if found) or immediately after you suspect a threat has occurred.

Larger organisations may wish to go further and pay for more sophisticated software which typically is better suited to more complex networks and is likely to be updated very frequently and automatically.

At press time, SOPHOS and Mimecast were names of products/companies offering this kind of paid-for software which were recommended for larger organisations.

What can you do if you have been hacked?

The first sign that a solicitor's email account has been hacked is often a client getting in contact after receiving an email purportedly from their solicitor and asking what the email meant and/or were the meant to receive it. Once put on notice you need to inform your manager and or your IT department.

However, if you are an SRA-regulated firm of solicitors, you are under obligation to report the incident if your client account has been affected. The SRA has stated:

"You have an obligation to report an incident to us if there is a shortage on the client account. It is important that firms that are involved in cyber crimes meet their obligations to replace any monies that have been wrongly paid out of the client account."

The guidance goes to to state:

"We have, in the last two months, disciplined two firms for not making good on client shortages in a timely manner."

The SRA additionally encourages its regulated firms to report all hacking, phishing and vishing* threats.

Click on the following link to view these guidelines and much more on the SRA's cybercrime page.

You might also wish to search the SRA's database for information about known scams and to see a list of recent ones reported.

For further information about cyber fraud and scams in general, please visit Action Fraud's website.

Naturally if a client is affected you should inform them as soon as possible if you have reason to believe that there is a risk to their personal data in order to be compliant with the General Data Protection Regulations (GDPR) which were rolled out in May 2018.

How do you report cyber fraud and scams to the SRA?

Click on the following link to provide information online to the SRA.

Frequently Asked Questions
Andrew Boast of Sam Conveyancing
Written by:
Andrew started his career in 2000 working within conveyancing solicitor firms and grew hands-on knowledge of a wide variety of conveyancing challenges and solutions. After helping in excess of 50,000 clients in his career, he uses all this experience within his article writing for SAM, mainstream media and his self published book How to Buy a House Without Killing Anyone.
Caragh Bailey, Digital Marketing Manager
Reviewed by:

Caragh is an excellent writer in her own right as well as an accomplished copy editor for both fiction and non-fiction books, news articles and editorials. She has written extensively for SAM for a variety of conveyancing, survey and mortgage related articles.

People also searched for

Estate Agent Solicitors

Forced into using estate agent's solicitors?

4 Ways to Avoid Inefficient conveyancing solicitors from SAM Conveyancing

4 Ways to Avoid Inefficient conveyancing solicitors

What does a solicitor do for the buyer

What does a solicitor do for the buyer

A confused man stands outside a solicitors office door which reads 'Closed' SAM Conveyancing explain what happens when 'My solicitor has ceased trading' and what you should do next

My Solicitor Has Ceased Trading