E-mail hacks against conveyancing transactions—often occurring on Fridays—are the most common cybercrime in the legal sector, with £7m of client losses reported in the past year.
Figures published this week by the Solicitors Regulation Authority (SRA) show that three-quarters of cybercrime reported to it in the past 12 months took place on a Friday afternoon. The reason is that the majority of cases involve conveyancing, and house sales usually complete on Fridays.
Criminals may modify the emails directly, usually by hacking into an individual’s email, and then altering bank details in the client’s email to the solicitor or vice versa so that funds go to the criminal.
The SRA believes the scale of the problem may be under-reported, even though firms have a duty to inform the regulator if they lose client money or information.
The regulator issued a reminder to firms this week that they must report such cases, and reassured firms that it will take a constructive approach if firms are willing to make good any losses and learn from the incident.
It has published a report, IT Security: keeping information and money safe, to help firms manage the risks of cybercrime. It emphasises that firms should focus on people and training as well as technology.
Paul Philip, SRA Chief Executive, said: “Cybercrime is now the most prevalent crime in the UK.
“Cybercriminals are not just after money but sensitive information, so law firms are an obvious target. It is the job of firms to take steps to protect themselves and their clients’ money.
“That means training staff and staying vigilant, as well as maintaining up to date technology protections. By working together to share information on the latest cyber attacks, we can help the legal sector stay safe, protecting firms and clients.”
