In 2017, 3 in 10 UK law firms were affected by cyber attacks. Last year saw the spotlight on ‘Friday afternoon fraud’, a conveyancing scam that targets solicitors’ email accounts and, according to the SRA, cost the legal profession at least £7m in 2016.
This is the most common cybercrime in the legal sector, involving hacking into conveyancing transactions and diverting client funds. This typically takes place on a Friday as this is when most completions are made, and it gives the cyber criminal the weekend to avoid detection.
This type of fraud can have a huge impact on buyers, with some victims losing their savings, and the property they intended to buy. A humanitarian charity worker buying his first home fell victim to this conveyancing scam and lost £67,000 when fraudsters used his solicitor’s email address to convince him to send the money to alternate bank accounts.
Here are some useful guidelines on how consumers can protect themselves against this type of fraud;
- When making financial transactions such as bank transfers avoid emailing bank details and do not automatically transfer money to a bank account given in an email. Always speak to your lawyer personally before you transfer large sums of money, and after to confirm that funds have been safely received.
- No matter how genuine you believe an email communication to be, always speak to your lawyer personally to check before you respond. In the case of the victim mentioned above, it was not even a similar email address that had one letter different to his lawyers it was his lawyers email address. The hacker even replied to previous email threads, commenting on the victims recent work trips, making it appear that much more genuine.
- Remain vigilant throughout the transactional process and don’t be afraid to double check or ask your lawyer anything you are not 100% sure about. Property transactions can be a stressful time in your life and you naturally want the process completed as soon possible. Hackers take advantage of that vulnerability by sending email communications at a time you are expecting to receive requests for financial transactions. This is why it is so important to speak to your lawyer personally to check every time you receive an email communication.
- If you receive an email from your legal firm saying that they want you to use a different bank account to one previously used, or a different account because you’re abroad, or the amount is different, call your lawyer immediately to question it. Changes like this are not common in such transactions so it is important to challenge a request.
- Understanding when you are most at risk is important. You are more likely to be the victim of fraud if you have previously had your identity stolen, you don’t have an existing mortgage, or if you’re living abroad. Divorce or separation can also be an extremely emotional time when finances might be disrupted. Additional care should be taken and attention payed to all financial accounts, balances and transactions.
- You are at significant risk if your property is not registered. Always check with HM Land Registry to confirm and check your contact details are correct. You can also sign up for alerts if anyone tries to change your property details, for example, attempting to get a mortgage using your property. You can also pay a fee to stop the HM Land Registry from registering any sale that is not registered under your name and confirmed by a solicitor.
- It is essential that security of your home IT system is maintained at all times. Simple IT maintenance at home is often overlooked such as renewing and updating anti-virus software. Always used secure servers to make any online transactions, regularly change passwords and avoid using the same generic password as a login.
- It is important that your chosen legal firm can demonstrate that their IT systems are secure, and that they have the appropriate safeguards in place to mitigate the risk of Friday afternoon fraud.
At BTG Advisory our team of skilled and knowledgeable digital forensics experts employs electronic fraud pattern analysis techniques to identify any unexpected, erroneous, or anomalous patterns that appear in financial transactions. These can then be further investigated using our team’s computer forensics expertise to extrapolate evidence of fraud and financial crime.