Cyber fraud – beware of lazy Friday afternoons!

6 March, 2018

Cyber fraud in conveyancing transactions comprised 75% of cybercrime reported to the Solicitors Regulation Authority (SRA) in 2016. This type of cyber crime has been named ‘Friday afternoon fraud’ as the fraudsters frequently target property transactions, many of which complete before the weekend.

Hackers have become skilled at monitoring online behaviour which can enable them to identify particular individuals and their solicitors who are in the process of buying or selling property.  Confidential information, including bank details, is often transmitted online and can be intercepted and modified redirecting money transfers to the criminals’ accounts, then redirecting on, making it hard to trace.

Another concern is identity fraud.  In 2016 the Court concluded an identity fraud case involving a law firm; an imposter sold a house which they did not own, and the law firm paid a client’s money to the fraudster before the scam was recognised.

The Law Society and the SRA have been active in issuing warnings and guidance to solicitors involved in high risk areas, such as conveyancing, since 2014. The risks are evolving and require continual awareness on the part of firms.  

While there is no perfect protection, my view is that solicitor firms will have to demonstrate that they have robust systems to protect their clients’ assets (including personal data) against cyber fraud in order to comply with solicitors’ Code of Conduct. 

As a minimum, and based on the guidance issued by the Law Society and SRA, I would expect firms to:

  1. Provide clients with warnings about common types of cyber fraud;
  2. Provide bank details to clients in a secure manner at the beginning of a transaction;
  3. Highlight to clients that email is not secure for transmitting bank details and that bank details will not change during a transaction. Consider adding a paragraph about this to client emails;
  4. If bank details are sent electronically, before any transfers confirm the details by another means (e.g. a telephone call to a known number);
  5. Everyone at a firm should be alert to methods used by fraudsters and the firm should ensure technology safeguards against cybercrime are up to date;

If you require advice relating to the above please contact Pradeep Oliver on 01892 765 453 or pradeep.oliver@crippspg.co.uk.