
Legal Profession: Firms turning to cyber insurance as scammer attacks continue to rise

The proportion of law firms targeted by scammers has risen sharply over the last year, especially among larger firms, as has the number of practices taking out cyber-insurance, according to new research from the Law Society.

The Law Society Survey of 601 sole practitioners and firms with between two and 25 partners was commissioned for its annual review of the previous indemnity insurance round.

26% of firms said they were targeted by scammers in the previous year. This figure increases as firms get larger, to 50% of firms with 5-10 partners (up from 34% in 2016) and 64% of firms with 11-25 partners (up from 44% in 2016).

The most common forms of scam were spam emails/phishing. Others included malware/computer viruses, cyber attacks, telephone calls/vishing and invoice fraud.

The two main responses were taking internal action (such as increased cyber security training and additional checks, balances and reminders) and updating existing security systems.

Firms contacted the police in 19% of all cases.

Approximately 42% of firms surveyed with 5-10 and 11-25 partners now have cyber insurance in place – and almost all of the others have at least considered it – although the figures fall for smaller firms.

We are interested in hearing from you about your cyber insurance experience… Are you looking to take out cyber insurance for your business? Or if you already have cyber insurance, has your experience been a positive or negative one?


Legal Profession: Beware of ‘Friday afternoon fraud’ risk

Over the past year, we have noticed a rise in the number of law firms being tricked into giving bank details to fraudsters in so-called ‘Friday afternoon scams’.

The Solicitors Regulation Authority (SRA) confirms that it is a growing problem and that it continues to receive regular reports of scammers stealing from firms, despite repeated warnings to professionals not to disclose sensitive details.

Criminals tend to target conveyancing firms with large amounts of money in client accounts and are increasingly sophisticated in how they persuade people to release information.

Instances of so-called ‘Friday afternoon fraud’ are of huge concern to solicitors and their insurers, and with the average house price nearing the £300,000 mark, it is easy to see why such frauds have such a potential impact on a firm’s claims record.

These “Friday Afternoon Frauds” appear to follow a particular pattern. They are calculated and highly sophisticated, employing legal industry experience, banking industry experience, (usually) a well-financed setup (taking place in what appears to be a call centre established for this purpose), an understanding of the psychology of the firm’s staff and a discreet knowledge of a specific firm’s financial or client details.

They typically take place on a Friday afternoon (hence the name!), starting with a telephone call to the firm’s accounts department or FD, purporting to be from the fraud unit of its own bank. The caller is able to provide (apparently by hacking the firm’s online banking access) details of the genuine transactions made that day, thereby giving the impression of legitimacy. This is also known as a “Vishing” scam. The fraudster will claim that suspicious transactions have been made from the account and that it has been frozen, and will offer the firm assistance with any urgent payments that it needs to make in the meantime. The firm will be required to provide its online bank details, which the caller then quickly uses to defraud the firm. Individual payments are typically for slightly less than £100,000, to avoid detection for as long as possible, and where multiple payments are made they will be for differing amounts, in order to avoid raising the bank’s suspicion.

Once each payment is made it is quickly transferred to other accounts and often moved out of the jurisdiction. As these payments are usually made on a Friday afternoon and may not be discovered until the following Monday, catching the criminals by chasing the flow of funds can be next to impossible as they will have long since been dissipated. Many scams also occur either side of the Christmas break, taking advantage of the holiday period.

Other examples of online fraud committed against law firms are “Phishing” scams. A fraudster may hack into a client’s email account, or that of another third party involved in the transaction such as a mortgage broker, and direct a solicitor or client to transfer proceeds from their sale to a different bank account. Alternatively, a solicitor’s own email account or server may be hacked or impersonated so that clients are directed to send monies to accounts other than the solicitor’s client account. The hacking can occur from something as simple as a predictable password being used by a firm employee, a lack of robust authentication to log in to a firm’s systems, or malware (malicious software) being unwittingly downloaded from, e.g., an unsolicited email communication, giving the perpetrators the ability to intercept communications and attempt to hijack money from client accounts.

The SRA has confirmed that law firms and clients have been the victims of scams and schemes totalling millions.

We would advise firms to take the following basic precautions:

  1. Never reveal banking security information over the telephone, even if the caller appears to be genuine and to have knowledge of your account. Independently validate callers by contacting somebody you already know at the bank, preferably using a separate telephone line, for example a mobile. (There have been examples of scammers keeping the line open to intercept any follow-on call to check.)
  2. Employ two-factor authentication on any remote access and ensure all user passwords are both sufficiently difficult to predict and are changed regularly.
  3. Always confirm bank details with clients by telephone or in person.
  4. Ensure that all Cyber or Data Warnings to clients are prominently displayed on ALL email correspondence, paper correspondence and repeated by telephone during the course of a matter.
  5. Circulate this advice to all staff, so they are aware of the issue. Ensure staff understand these risks and have undergone cyber and data security training.
  6. Respond swiftly. If you suspect or become aware that you have been a victim of such fraud, contact your bank and broker or insurer as soon as possible. The quicker action is taken, the greater the chances of recovering the money taken.

The potential losses (and consequently the financial, reputational and regulatory impact on the firm) are significant and a number of firms have already been affected, so management and staff should be advised to remain vigilant.

Should you require any assistance with Cyber or Data breaches, contact us to discuss our incident response service. As one of the UK’s leading integrated incident response service providers, we can advise on technical, legal, regulatory and reputational matters.