Email modification fraud is one of the most prominent forms of cybercrime.
Highlighted in the Autumn Update of the SRA’s Risk Outlook, email interception still poses a significant threat to client money, with cases demonstrating the devastating impact that scams can have on both clients and firms.
Over the past year, it’s clear that awareness around email modification fraud has grown; a natural result of regulator campaigns and high-profile cases hitting the headlines. You receive an email from a firm that doesn’t look quite right and you flag it up, reporting it internally, as well as to the firm in question.
Or at least, that’s what you know you should do.
Whilst you’re bound to have been warned about opening ‘questionable’ emails from other firms, do you actually know what to look out for?
What’s more, as demonstrated just last week, it’s not just correspondence from other firms that you need to be alert to.
Thousands of legal professionals recently received an email allegedly from the Law Society, warning them that their ‘Find a Solicitor’ profile had been compromised; Chancery Lane later confirmed that this was a scam.
This incident highlights the ongoing importance of being alert to risk, even if you think you trust the other side. By posing as someone you know, fraudsters have an even greater chance of catching you off guard and an even greater chance of stealing client funds.
What do you need to look out for?
Whilst fraudulent emails may once have been easy to spot, the techniques of criminals are becoming increasingly sophisticated, and emails becoming alarmingly believable. What factors can help you identify a fraudulent email from the real thing?
- Check the ‘from’ address, carefully. Whilst you may be able to recognise a suspicious email address from a mile away, some will be more discrete, having just changed a single letter. Scrutinise the sender’s email address by right-clicking on the sender name or hovering over it.
- Check the greeting. Rather than using your name, scammers will tend to use a general term, or neglect to include a pronoun at all. The more impersonal the introduction, the more likely it is that it’s part of a scam.
- Check the grammar and formatting. Whilst the techniques of scammers are becoming more refined, these things are easy to look out for and are key in indicating the illegitimacy of the email. Even if it’s a small error, question it.
- Check the logos. With the rise in bogus firms, it’s always important to check the firm’s real name by looking on their legitimate website. Compare the logo in the email – is it an exact match?
- Check their tone. Are they trying to rush you? Are they asking you for something that they wouldn’t usually ask? Before clicking on external links or attachments at their request, make sure you know the identity of the sender.
Whilst you might question transacting with an unknown firm, seeing a familiar solicitor’s name in your inbox is unlikely to ring alarm bells…
But it should.
The techniques of fraudsters are growing in sophistication and as stated in the SRA’s Risk Outlook, it’s vital that firms ‘confirm the identity of other firms that they deal with.’ In order to ensure that transactions are properly protected, it’s essential that checks are applied on a wide-scale basis and prevention strategies are taken seriously, especially at a time when the risk of fraud is at an all-time high.
To verify that the bank details of a third-party firm are genuine and mitigate the risk of fraud, the SRA advises considering the use of a service such as Lawyer Checker.
As well as protecting transactions to a consistently high level, the use of a service such as Lawyer Checker can positively influence the culture within a firm and ensure that employees are alert to the risk.
At a time when new threats to client funds are emerging frequently, it’s vital that prevention strategies are implemented on a wide-scale basis. It is only then that their effectiveness will be ensured.
Click here to find out how Lawyer Checker can protect your clients’ money.