Email hacks of conveyancing transactions are the most common cybercrime in the legal sector, with £7m of client losses reported in the last year.
Three-quarters of cybercrimes reported to the Solicitors Regulation Authority (SRA) in the 12 months are some form of “Friday afternoon” fraud. This involves criminals modifying emails directly, usually by hacking into someone’s email system. They then alter the client’s emails to the solicitor or vice versa, altering bank details so that funds go to the criminal. Most cases involve conveyancing. Such scams often take place on a Friday, as this is the time that completions often take place, while it also buys criminals time to avoid detection.
Firms must inform the regulator if they lose client money or information, but the problem and size of losses may the SRA points out be under-reported. Other research has shown that a quarter of firms have been targeted by cybercriminals, with nearly one in ten resulting in money being stolen.
The SRA is reminding firms to ensure they report such cases. The regulator says that it’s taking a constructive and engaged approach, particularly if firms take steps to make good any losses to the client, and are looking to learn from an incident. A report, IT Security: keeping information and money safe, is aimed at helping law firms manage the risks of cybercrime by offering advice on the latest trends, so they can protect themselves and clients. The report stresses that as most cybercrime involves some form of deception, firms should protect themselves by focusing not just on technology but also people and training.
Paul Philip, SRA Chief Executive, said: “Cybercrime is now the most prevalent crime in the UK. Cybercriminals are not just after money but sensitive information, so law firms are an obvious target. It is the job of firms to take steps to protect themselves and their clients’ money. That means training staff and staying vigilant, as well as maintaining up to date technology protections. We all know threats in this area change rapidly. By working together to share information on the latest cyber attacks, we can help the legal sector stay safe, protecting firms and clients.
“Conveyancing fraud can see people lose their life-savings. We also want to see firms making sure their clients are aware of the risks. For instance, we would recommend that people avoid sharing bank details over email, or transferring money before confirming the source of any request.”
To download the report, visit the ‘IT Security: Keeping information and money safe’ part of the SRA website.
Meanwhile the SRA reports that six solicitors have been sanctioned in the last two months for involvement in dubious investment schemes.
One solicitor was struck off, three solicitors were suspended, and another fined £40,000. Cost orders totalling more than £120,000 were also imposed. And a solicitor in Yorkshire has also been jailed for eight years for fraud and money laundering, after being used to give credibility to an investment fraud totalling more than £5m.
Paul Philip said: “We know the vast majority of solicitors and law firms would not knowingly become involved in such schemes, but you should all be aware of the signs. The marked increase in reports to us of suspected involvement in these schemes shows that raising awareness is key.
“Unfortunately the small number of solicitors who abuse their position of trust can do great damage, not only to the public but also to the profession. We will continue to take robust action where solicitors have not met their professional obligations.”
For a ‘Solicitors and investment fraud‘ report visit the SRA website.
