A report from The City of London police shows that between April 2016 and March 2017, consumers reported over 281,000 cases of fraud. Data shows 1 in 10 adults are victims of cybercrime (Buzzfeed 2016).
A truly staggering number.
Even more worrying is that this is an increase of nearly 50,000 from the year before – and it’s only going to get worse. Recent events concerning the security breaches of systems across the world only highlight the risk of the ever-increasing connected world.
Although most of these frauds involved consumers being duped by fake websites, criminals are now targeting law firms, especially those providing residential property services. The large sums of money involved are clearly very attractive.
The “Friday-afternoon Fraud“. as it is known, is becoming an increasingly common problem, with criminals targeting lawyers on their busiest day of the week.
Typically these are interception frauds, where criminals pretend to be the lawyer and send clients fake emails, asking them to send funds to a fraudulent bank account.
Lawyers are waking up to the realities of this threat – although it has taken a great deal longer than it should have done, and their approach is often far too simplistic.
In our experience, for most, this is merely additional wording in their email footers, with warnings to clients they will not be responsible for any thefts.
This half-hearted approach does not solve the real problem, which is the continued use of email by lawyers with their clients. We know many law firms still consider email to be a new, form of communication (we’re not joking here) but that doesn’t justify its use and the risks involved.
We have first hand experience of this risk. Our clients are being targeted by criminals using fake emails pretending to be us (we publish these attempts on Twitter). Despite our repeated warnings, a client of ours was sent a fake email that asked her to send £600,000 to a criminal.
Like other firms, until a few months ago, we used email with our clients, and yes, we were putting those same warnings in our letters and email footers that we would not send our bank details by email and that they won’t change.
Our emails to clients would ask for documents and certificates and all sorts of confidential information. Therefore, the problem was that a client would not have been surprised to receive an email that appeared to come from us, potentially asking them send their money to us.
We know clients are under a lot of pressure during the house buying process and are more likely to make mistakes. Even under the best of circumstances, spotting fake emails can be very difficult.
People seem to forget that cyber criminals are usually quite smart and are becoming increasingly sophisticated. When another one of our clients had their email account hacked, thieves were able to steal scanned documents which contained their signatures. They used these stolen signatures to steal over £300,000.
Under such challenging circumstances, we recognised that things must change.
A more robust approach is required by both lawyers and their clients.
We are clear about this.
Lawyers must stop using insecure email with their clients.
Until they do this, they are putting their clients at an increased risk of fraud.
The problem is, as we have already mentioned, for many lawyers, moving to email from post was challenging enough, so switching to using secure messaging systems like banks do, could just be too difficult for them.
However, they really have little choice in the matter.
Until lawyers recognise they have to start thinking like clearing banks when it comes to security, then they are not acting in their client’s best interests.
Conveyancing clients need to check how seriously their lawyers take their financial security. It is our opinion that those lawyers that continue to use insecure email to communicate with their clients should be avoided.
It’s simply not worth the risk.
Here are some steps you can take to protect your land and property from fraud. https://www.gov.uk/protect-land-property-from-fraud
And just so you know, we are one of the only companies that AUTOMATICALLY register our clients to guarantee that they get these alerts.