Information security, popularly now known as cyber security, is a topical area with repercussions that could potentially affect every business and individual connected to any form of computing system. Information and breaking news on hacking, cyber terrorism and breaches of data protection come at an alarming rate, with the Law Society’s Gazette providing facts that show law firms alone have lost over £85m in the past 18 months.
Delving deeper into this, one in 10 law firms were successfully broken into via electronic means. With the problems that a cyber attack can cause for a law firm, either through the breach of personal data, the theft of sensitive documents or the loss of finances, cyber criminals have the law industry firmly within their sights.
In April 2016, the Telegraph reported on a couple who had lost over £200,000 while they were partaking in an email discussion with their property solicitor; or so they thought. In a new digital twist on the tried-and-tested fraud methods, many criminals are now finding ways to place themselves between clients and solicitors in order more effectively to deceive those in need of assistance. Cyber criminals are continually finding new methods of attack in an attempt to scam, con and fraudulently gain from their illegal activities. One of the key areas that is causing issues currently is the increasing trend to interfere with email communications between those in the law industry and their clients, breaking into email accounts and diverting large payments resulting in a financial loss for both the client and the law firm.
By breaking into the communication accounts of a solicitor, barrister or other member of the law industry, a cyber criminal is able to read, delete and potentially alter the contents of any messages they find stored there. Instructions to send money to a bank account for the payment of services may well have been sent legitimately but then the sort code and account number may have been altered to be a mule account belonging to the cyber criminal. Alternatively, the email could have been sent to trick the client into paying outright without any indication of a legitimate transfer being required; similar to the well-known ‘Friday afternoon fraud’.
Click here to read the full article in the latest edition of Financier Worldwide.