Conveyancers hit hardest by Friday afternoon fraudsters
Solicitors should consider whether existing professional indemnity insurance is â€˜sufficient'
Cyberattacks against conveyancing transactions by so-called ‘Friday afternoon fraudsters’ are the most common cybercrime, according to the Solicitors Regulation Authority’s latest report on IT security.
Some three-quarters of all cybercrime reports to the regulator occur on Friday afternoons – usually by email modification – with the majority of cases involving conveyancing. By hacking into the email system of an individual, criminals can alter the client’s emails to the solicitor or vice versa, changing bank details so they receive the funds.
While firms must inform the regulator if they lose client money or information, the SRA said the problem and size of losses may currently be under-reported. Research from the Law Society has shown one-quarter of firms have been targeted by cybercriminals, with nearly one in ten resulting in money being stolen.
Paul Philip, the SRA’s chief executive, said it was the job of firms to take steps to protect themselves and client money: ‘That means training staff and staying vigilant, as well as maintaining up to date technology protections. We all know threats in this area change rapidly. By working together to share information on the latest cyberattacks, we can help the legal sector stay safe, protecting firms and clients.
‘Conveyancing fraud can see people lose their life-savings. We also want to see firms making sure their clients are aware of the risks. For instance, we would recommend that people avoid sharing bank details over email, or transferring money before confirming the source of any request.’
The SRA report is aimed at helping solicitors manage the risks of cybercrime so they can protect themselves and their clients. In doing so it urged firms to consider taking out appropriate professional indemnity insurance.
‘For some firms dealing in large sums of client money, the minimum cover of £2m for sole practitioners and partnerships and £3m for others such as limited companies, may not always be sufficient,’ said the report. ‘Firms may also wish to consider whether they need cover for their own potential losses from cybercrime, beyond those affecting the client.’
In October, the SRA revealed that between 2004 and 2014 conveyancing accounted for the largest amount of claims under solicitors’ PII policies with small firms paying the most in cover as a percentage of turnover.
The regulator is currently considering altering minimum PII cover requirements, which include whether its rules are encouraging the right behaviours for firms to adopt a wider risk management approach to cybercrime attacks.
Matthew Rogers is a reporter at Solicitors Journal