Alert
Cybercriminals are creating fake solicitor websites with domain impersonation.
Cybercriminals are actively targeting law firms across Australia through increasingly sophisticated scams. This alert aims to raise awareness of the new tactics being used and the risks they pose to legal practices.
The LPLC is aware of scams that not only impersonate a law firm’s emails but also produce fake websites that are near-identical copies of the authentic law firm’s site, hosted on a spoofed domain. These fake sites often replicate design, branding, text, and even staff details to appear convincing to both the public and potential victims.
How the scam works
1. Domain spoofing and registration:
Cybercriminals register website domains that closely mimic legitimate law firm domains, often differing by just a single character (e.g., replacing 'o' with '0'). These fraudulent domains can obtain valid secure website (TLS) certificates, making them appear legitimate. The criminals may also clone the real law firm’s website, so that a visitor to the fake domain sees a page that looks almost identical to the real one.
2. Targeted phishing campaign:
Using these spoofed domains, criminals contact businesses in the firm’s local area or organisations that may have dealings with the firm. They are looking to engage with people with whom they can initiate an email exchange, typically to request quotes from these businesses.
3. Malicious payload delivery:
When businesses respond to these seemingly legitimate requests, criminals follow up with a phishing scam. The malicious attachments or links may be disguised as a PDF file or a DocuSign link. In reality, they contain malware designed to steal credentials or install ransomware.
Risks
- Reputational Damage: Impersonation can erode client trust and harm your firm’s reputation.
- Financial Losses: Successful attacks could lead to theft of confidential information, fraud, and business disruption.
- Legal & Compliance Exposure: Victims may be exposed to potential regulatory action in the event of data breaches.
Recommended actions
If you suspect or discover impersonation of your firm’s website:
1. Notify your IT and security team immediately
- Escalate the incident for containment and investigation.
2. Alert your clients and local partners
- Issue urgent warnings to your client base and local business network about the impersonation.
- Advise your clients and business associates to exercise extreme caution with suspicious communications from domains similar to yours.
- Provide your clients and business associates with legitimate contact details for verification.
3. Contact domain authorities
- Lodge a complaint with .au Domain Administration (auDA) under the .au Dispute Resolution Policy (auDRP).
4. Report to authorities
- Lodge complaints with the Australian Cyber Security Centre (ACSC), Scamwatch Aus, and Victorian Legal Services Board + Commissioner as applicable.
5. Monitor and review
- Closely monitor suspicious domain registrations and your firm’s email traffic for future attacks.
Ongoing protection measures
- Consider registering common variations of your firm’s domain name to prevent misuse.
- Employ email and domain monitoring tools to detect early signs of impersonation. Ask your IT or cybersecurity specialist if you require assistance.
- Educate your staff, clients, and business associates about phishing risks and safe online practices.
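The single-character substitutions described under "How the scam works" and the monitoring recommended in step 5 and above can be put into practice with a small script. The following is an added example, not code from the LPLC or from any tool named on this page; the firm domain and the table of confusable characters are constructed assumptions.

```python
# Constructed example: the firm's real domain (a placeholder, not a real firm).
LEGIT_DOMAIN = "smithsolicitors.com.au"

# Single-character confusions used in spoofed domains. The alert's 'o' -> '0'
# is one case; the others are assumed common swaps, not an exhaustive list.
CONFUSABLES = {"o": "0", "l": "1", "i": "1", "e": "3", "a": "4", "s": "5"}

def split_domain(domain):
    """'smithsolicitors.com.au' -> ('smithsolicitors', '.com.au')."""
    label, _, suffix = domain.lower().partition(".")
    return label, "." + suffix

def lookalike_variants(domain):
    """Domains one edit from the firm's label (confusable substitution, dropped,
    doubled or swapped character): the names to register or watch for."""
    label, suffix = split_domain(domain)
    variants = set()
    for i, ch in enumerate(label):
        if ch in CONFUSABLES:
            variants.add(label[:i] + CONFUSABLES[ch] + label[i + 1:])
        variants.add(label[:i] + label[i + 1:])                  # dropped
        variants.add(label[:i] + ch + ch + label[i + 1:])        # doubled
        if i + 1 < len(label):                                   # swapped
            variants.add(label[:i] + label[i + 1] + ch + label[i + 2:])
    variants.discard(label)
    return {v + suffix for v in variants}

def levenshtein(a, b):
    """Edit distance, to catch single-character changes the table misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_sender(address, legit_domain=LEGIT_DOMAIN):
    """'legitimate', 'lookalike' or 'unrelated' for one From: address. The same
    label under another suffix (.com instead of .com.au) counts as look-alike."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(">")
    legit_domain = legit_domain.lower()
    if domain == legit_domain or domain.endswith("." + legit_domain):
        return "legitimate"          # the firm's own domain or a subdomain of it
    label, _ = split_domain(domain)
    legit_label, _ = split_domain(legit_domain)
    if domain in lookalike_variants(legit_domain) or levenshtein(label, legit_label) <= 1:
        return "lookalike"
    return "unrelated"
```

Feeding the output of `lookalike_variants` to a registrar or DNS monitoring service, and running `classify_sender` over inbound mail headers, gives an early warning that a spoofed domain is in use before clients start reporting it.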
Stay vigilant. Protect yourself and your clients.
For more guidance on cyber-crime, see the LPLC Cyber Guide, the LIV Cyber Hub and cyber.gov.au.