By George Ward
Fake Solicitor Email Scam
The UK’s Solicitors Regulation Authority (SRA) has warned about a new email scam targeting individuals by impersonating solicitors and demanding Bitcoin payments. This scam is part of a growing trend of cybercriminals using cryptocurrency to exploit unsuspecting victims.
According to the SRA, the fraudulent email appears to come from a solicitor named “Patrice Joyce,” with “[email protected]” as the email address. The scam email claims to possess the recipient’s data and threatens to release damaging videos unless a Bitcoin payment is made.
The SRA clarified that there is no solicitor named Patrice Joyce authorized or regulated by the authority. It added that the email domain “@attwaters.co” is a counterfeit and is not associated with the legitimate law firm Attwaters Solicitors or Attwaters Jameson Hill Solicitors.
These firms’ legitimate email domains end in “@attwatersjamesonhill.co.uk” or “@attwaters.co.uk.” Moreover, the email address used includes the name of a real solicitor, Manjot Kaur Henchie, known as Joyti, who works at Attwaters Jameson Hill Solicitors. However, Henchie and her company have denied any involvement with the scam email.
SRA’s Caution
Consequently, the SRA advised individuals to exercise caution and conduct thorough due diligence if they receive suspicious emails. Recipients should verify the email’s authenticity by contacting the law firm directly through reliable means and checking the SRA’s records to confirm the individual or firm’s authorization.
This scam is part of a broader pattern of email extortion schemes demanding cryptocurrency payments. In 2020, New Zealand law enforcement warned about a cryptocurrency scam where fraudsters claimed to have compromising information about victims’ online activities.
Compound Finance Site Hijack
Meanwhile, Crypto investigator ZachXBT has warned the cryptocurrency community about a hack on the Compound Finance website and is redirecting users to a phishing site. According to his findings, the website’s URL now redirects to a newly registered phishing site.
Michael Lewellen, a security adviser at the Compound Finance DAO, confirmed the breach and reinforced ZachXBT’s warning. He urged users to refrain from interacting with the site to prevent any loss of assets. Nevertheless, Lewellen assured the community that the core protocol and the smart contract funds remain secure and unaffected.
Previous Security Incidents
This incident is not the first time Compound Finance has experienced security challenges. In 2023, the decentralized finance (DeFi) protocol’s official social media account was hacked.
The attackers exploited the account to promote a phishing website, posting advertisements for free crypto tokens and urging users to click on a malicious link. However, the team recovered the account after four hours.
Phishing attacks are a growing concern in the cryptocurrency industry, with significant financial implications. In 2024 alone, phishing attacks have led to almost $498 million in losses.
Ronghui Gu, CEO of CertiK, a blockchain security firm, recommended the adoption of multifactor authentication (MFA) and other robust security practices to protect user data and assets. MFA, which requires users to provide two or more verification factors to gain access to a resource, significantly reduces the risk of unauthorized access.