BEWARE –  credential harvesting email phishing campaign in circulation

  • 12/08/2021

The email indicates the recipient has files to view/download and requests that users login using their credentials to access the files.

At present, these emails are known to have come from compromised law firms, however it is possible that these emails could come from any organisation that has been compromised.

The difficulty of spotting these emails is increased due to them coming from a legitimate source or known sender.

Everyone is reminded to be wary of emails asking you to login to any system to view/download files, consider:

  • Were you expecting this email or has it come expectantly even if it is from a known sender?
  • Has the user ever previously asked you to login to a system to view/download files?
  • Are you able to verify with the sender by phone or in person that the email is genuine?

If you receive a phishing email you are reminded that you should follow your own organisations policies and procedures and that you may be required to notify your IT department.  If you do not have an IT department you can forward phishing emails to [email protected]

If you think you may have received an email and provided your credentials, notify your IT department immediately. If you do not have an IT department reset your password immediately.

Where possible, enable two/multi-factor authentication (2FA/MFA); this will work to reduce and mitigate the impact of compromised credentials.

If you have been a victim of a cyber-attack you are advised to report this to Action Fraud via their website at or you can give them a call on 0300 123 2040.