‘Friday afternoon’ fraud cost profession at least £7m in past year, says SRA


Cyber crime: significant problem for law firms

Cyber crime: significant problem for law firms

E-mail hacks of conveyancing transactions are the most common cybercrime in the legal sector, with £7m of client losses reported in the last year, according to the Solicitors Regulation Authority (SRA).

It said that three-quarters of cybercrimes reported to the SRA in the 12 months are some form of ‘Friday afternoon’ fraud.

This involves criminals modifying e-mails directly, usually by hacking into the e-mail system of an individual. They then alter the client’s e-mails to the solicitor or vice versa, altering bank details so funds go to the criminal.

The majority of cases involve conveyancing. Such scams often take place on a Friday, as this is the time that completions often take place, while it also buys criminals time to avoid detection.

The figures came in a new SRA report on IT security that forms part of its risk outlook programme. It said ways to combat Friday afternoon fraud included sending £1 to the account details provided and confirming it has been received.

The SRA said that while firms must inform the regulator if they lose client money or information, the problem and size of losses “may currently be under-reported”.

It said other research has shown that a quarter of firms have been targeted by cybercriminals, with nearly one in ten resulting in money being stolen.

The regulator pledged to take “a constructive and engaged approach” when this happened, “particularly if firms take steps to make good any losses to the client, and are looking to learn from the incident”.

Paul Philip, SRA chief executive, said: “Cybercrime is now the most prevalent crime in the UK. Cybercriminals are not just after money but sensitive information, so law firms are an obvious target.

“It is the job of firms to take steps to protect themselves and their clients’ money. That means training staff and staying vigilant, as well as maintaining up-to-date technology protections.

“We all know threats in this area change rapidly. By working together to share information on the latest cyber attacks, we can help the legal sector stay safe, protecting firms and clients.

“We also want to see firms making sure their clients are aware of the risks. For instance, we would recommend that people avoid sharing bank details over e-mail, or transferring money before confirming the source of any request.”




Leave a Comment

By clicking Submit you consent to Legal Futures storing your personal data and confirm you have read our Privacy Policy and section 5 of our Terms & Conditions which deals with user-generated content. All comments will be moderated before posting.

Required fields are marked *
Email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Reports

Our latest special report, produced in association with Temple Legal Protection, looks at the role of after-the-event (ATE) insurance in commercial litigation post-LASPO. We are at a time when insurers, solicitors, clients and litigation funders work ever more closely to create funding packages that work for all of them, with conditional fee and even damages-based agreements now part of many law firms’ armoury.

Blog

13 November 2019

The October PII renewal: Why the market changed

Since the abolition of the Solicitors Indemnity Fund, the October professional indemnity insurance renewal season has always been a challenge, but this year most law firms saw their premiums go up.

Read More

Loading animation