Cybercrime threat continues

Our latest analysis of reports shows that email hacks of conveyancing transactions are the most common cybercrime in the legal sector, with £7m of client losses reported in the last year.

Three-quarters of cybercrimes reported to us in the 12 months are some form of "Friday afternoon" fraud. This involves criminals modifying emails directly, usually by hacking into the email system of an individual. They then alter the client's emails to the solicitor or vice versa, altering bank details so funds go to the criminal. The majority of cases involve conveyancing.

Such scams often take place on a Friday, as this is the time that completions often take place, while it also buys criminals time to avoid detection. Firms must inform us if they lose client money or information, but the problem and size of losses may currently be under-reported.

Other research has shown that a quarter of firms have been targeted by cybercriminals, with nearly one in ten resulting in money being stolen. We are reminding firms to ensure they report such cases.

By sharing information on cyber attacks, the whole legal sector can work together to be as safe as possible. We are taking a constructive and engaged approach, particularly if firms take steps to make good any losses to the client, and are looking to learn from the incident.

Our report IT Security: keeping information and money safe is targeted at helping law firms manage the risks of cybercrime by offering advice on the latest trends, so they can protect themselves and their clients.

The report stresses that, as most cybercrime involves some form of deception, firms should protect themselves by focusing not just on technology but also on people and training.

Read the report

Print page to PDF