Each year, an estimated £470 billion is lost to cybercrime. In 2018 alone, £354 million was stolen via authorised push payment fraud (APP) whereby cybercriminals deceive individuals into sending them money by purporting to be a legitimate, authorised person.
The conveyancing industry is a frequent target for this type of crime. Being able to intercept or infiltrate digital communications between solicitor and client means that large sums of money is being sent into the accounts of these criminals.
A Real Issue
In 2018, first-time buyer, Howard Mollett, inadvertently sent £67,000 to a cybercriminal posing as his solicitor. Mr Mollett was working with the conveyancing solicitors, The Sethi Partnership, to secure an apartment when, after initially making a down payment, he was asked to pay the remaining sum.
Unfortunately, between making his down payment and sending the full balance, criminals had intercepted emails and were able to pose as legal representatives acting on behalf of Sethi Partnership and asked Mr Mollett to transfer the remaining funds into their bank account due to a technical issue with the original one.
To add a sense of urgency to this transfer, they stated that due to this problem with the account there was a real risk of the completion date being affected should the funds not clear sooner rather than later.
Mr Mollett sent the remaining balance of £67,000 after which, he contacted his solicitors to advise them of the deposit. By the time this error had been realised, the money was gone.
Mr Mollett has so far only been able to recover £7,800.
How, as a conveyancer, you can help.
This case highlights why conveyancing theft involving the hacking of emails is now the most common cybercrime to affect the legal profession. Falling victim to this type of crime can be distressing to the victim but can also have a negative effect on the reputation of the law firm involved, who, as in this case, became embroiled in a legal dispute to determine who was at fault.
To prevent this type of crime from occurring, a policy laid out for your clients from the outset could be beneficial to all parties. Guidance could be offered which includes but not limited to:
- Advising clients to check emails they receive thoroughly. Cybercriminals will create fraudulent email addresses to look almost identical to that of a legitimate email address you may be expecting. There may be an extra letter in the name or a slight variant on the spelling for example. Remind clients to always check the senders email address to make sure it correlates to the genuine one.
- Pay close attention to the language being used. Small subtle changes such as the introduction may give it away. For example, a genuine email may always be sent using formal language however fraudsters may use informal language, or vice versa. A subtle change like this should arouse suspicion.
- Explain to the client that at no point during the transactional phase would you change bank details and tell them that you wouldn’t ask for their bank details over the telephone or via email if it is not your policy.
Finally, always advise your clients that anything they suspect to be suspicious should be reported directly back to you.
How OneTechUK is helping law firms tackle this problem
At OneTechUK, we provide law firm with a host of services designed to tackle security and the threat of cybercrime. These include:
- Secure Hosted Desktop Service
- Our fully managed hosted desktop service offers a secure way of working for everyone in a law firm whether in the office, from home or any other location
- SSL based encrypted connection to hosted desktop.
- 2 factor authentications to prevent un-authorised access even if a user’s login details are compromised. Access still requires a second layer of authentication.
- Advanced network threat protection: we use high-end firewalls which are commercially not viable for small firms to have in-house similar setup.
- Daily encrypted backup of all data.
- Secure internet access over hosted desktops.
- Secure email service
- Our hosted desktop packages include fully secure email services.
- Email security with advanced threat protection.
- Artificial Intelligence based fraud protection.
- DMARC, SPF and DKIM are enabled and managed as part of our service to offer best possible security for email communications.
- Daily mailbox backups and email archiving are also part of our service.
We work closely with law firms to tailor a security package that is right for them and for their clients, providing that all-important peace of mind that you are protected. To find out more about our extensive cybersecurity services, speak to one of our expert team today.