‘Cyber-crime’ has become a ubiquitous term.
From digital billboards to the NHS, it seems nowhere is impervious to an attack.
As reports of theft and fraud continue to increase, consumers question how they can protect themselves and stay vigilant as we rapidly evolve into an increasingly cashless society.
Cyber-Crime Increases Across the Conveyancing Sector
Cyber crime is a global problem. As the internet continues to make life simpler for the common man it, in turn, makes life simpler for criminals.
The above are all cases of money transfers intercepted during a property purchase. £735,000 is the largest amount lost in a conveyancing scam to date.
Cyber breaches have seen sensitive personal data stolen, political events hacked and organisations threatened. The scale of online crime is enormous. From amateur opportunists to organised groups, criminals are fast learning how to exploit online weaknesses.
A crime survey for England and Wales reported 5.1m online frauds and cyber crimes during 2015/16. It is estimated cyber-crime could cost the UK up to £193bn a year.
What is Happening?
Although there is no one set way in which scammers are intercepting money, the main procedure is via email.
Programs which find their way into a system via malware, phishing/spear phishing attacks or SSL-encrypted threats, “X-ray” millions of emails to identify patterns of data that could contain valuable financial information.
In cases like conveyancing theft, once the data has been mined criminals aggressively target the email conversations of those involved in the transaction. Potential buyers then receive fraudulent emails purporting to be from their solicitors with instructions to send their payment to a different account.
Scammers go through considerable effort to ensure the emails appear genuine including replicating client reference numbers, personal details and bank account numbers from both parties.
In many of the reported cases, fraudsters pose as sellers then contact the law firm acting for the real sellers and instruct them to send the sale proceeds to a rogue account.
This type of fraud has been dubbed: “Friday afternoon fraud”. This is a nod to the fact that most purchase completions take place on a Friday – something that plays into the hands of criminals as it buys them more time to avoid detection.
“There is a lot of money in home-moving transactions and fraudsters are targeting conveyancing firms as a result,”
“Firms have a responsibility to look after their clients’ money. We recommend both firms and their clients use encrypted emails for confidential or financially sensitive information. This means emails cannot be opened without a secure password. Some firms are so worried about the rise of fraud cases involving email that they’re going back to using faxes for confidential and sensitive information.” – Rob Hailstone, of Bold Legal Group
Data found in the Financial Fraud Action Report (FFA) shows email scams and other financial fraud aimed at legal firms had increased significantly in the past six to 12 months
Robert Loughlin, executive director at the SRA, said: “We are very concerned about this continuing activity. The fraudsters are highly sophisticated in their approach. All firms should ensure that their own, internal systems for guarding against scams are up-to-date and that staff know how to implement them.”
A warning from the solicitors’ watchdog advises “conveyancing theft” involving hacked emails is now the most common cyber-crime in legal circles.
The Cost of Data Breach
The global cost of cybercrime is estimated to reach almost £1.5 trillion by 2019, a three-fold increase from the 2015 estimate of £500 billion.
Almost 30 million records were exposed in over 850 publicised breaches across sectors including education, government, health care and financial, according to the Identity Theft Resource Center’s ITRC Data Breach Report (ITRC).
According to the Ponemon Study, due to the intensity of compliance and regulations, the costs per breach to organizations in the health care and financial services sectors top all other industry groups.
Bogus Law Firms
The Solicitors Regulation Authority (SRA) received 548 reports of bogus firms in 2013, a 57% increase on 2012. A further 726 reports were made in 2015.
As the practice of conducting business online increases, face to face interaction fades out creating a grey area of anonymity. This change in habit presents bogus law firms and fake solicitors with an opportunity to fraud people seeking legal services online.
Law firms are one of the key targets for people looking to launder money. An estimated £57 billion is processed through the UK every year.
Legal firms have a responsibility to look after their clients’ money. The two bodies governing the legal sector are:
- The Solicitors Regulation Authority (SRA), which makes sure firms comply with the regulatory rules and principles including acting independently, fairly and with integrity.
- The Legal Ombudsman which deals with complaints about poor service including failures to keep clients properly informed, disclose costs, work to a promised timescale, or follow instructions.
Fighting Fraud With Tech
As a species, we are impressively poor at detecting fraud. Studies show that even when we are actively on the lookout for signs of mendacity, our ability to spot fraudulent activity or deception is no better than chance
A large portion of cyber-crime arises from low-security awareness among employees. The weakest links coming via mobile devices, social media applications or laptops. Unskilled employees who have large quantities of data to analyse may accidentally expose sensitive data to other sources whilst working.
52% of data security breaches are caused by human error and system failure. Acts of malicious intent account for the remaining 48%.
Technology has opened the door to new and more prevalent forms of fraud: In 2015 Britain lost almost £11 billion to con artists around the world, according to Action fraud Police.
It’s not all doom and gloom, however. As computers aren’t susceptible to pressure or emotion, technology can be engineered into incredible tools that can protect and help us in combating cyber-crime.
Several contributions, including everyday inventions like the free robot lawyer designed to fight speeding tickets and rogue lawyers, created by a British student, and the introduction of an Anti-money laundering App mean we’re heading in the right direction.
Feel Secure with Lawyer Checker
Lawyer Checker is an online service providing market leading, risk management solutions to the conveyancing industry. Their checks allow conveyancers to gather further information on the conveyancer to which they are sending money to or their own client they’re dealing with. This enables them to better assess the risks associated with transferring funds throughout the property transaction.
Tony Neate, head of Get Safe Online, said:
“Your first line of defence for your email account is a strong password that is different to other online accounts and is changed regularly. Protecting your devices with security software and regularly installing updates will also help.”
“We have done a lot of work to reduce fraud but vendor conveyancer fraud remains an area of growing concern. That is why I welcome initiatives like Lawyer Checker that help our panel firms manage the risk associated with transmitting our money to vendor conveyancers. All conveyancers should reassess the checks they make before they send money to organisations offering undertakings.” – Tracey Carr, Financial Crime Manager – Mortgage Fraud, Santander
“What about a product that you could log into and insert the client account details and the system will confirm back to you if this is an account that is recognized as being regularly used for large sums of money. A product that tells you if the account is unknown and appears to be dormant? Alarm bells will be ringing now. The service can then obtain additional information for you and reports back to you with specifics about the firm. It could be that the firm recently changed their bank but it would allow you to investigate further and obtain the assurances you need to act in the best interests of your client.
This is exactly what Lawyer Checker does and what a great addition to the current risk management policies and procedures that are already out in the market.”
Lawyer Checker is fully integrated into the Pali system.
You can order Lawyer Checker Reports through the regular Pali website. Simply log in using your current details and the reports will appear in the product list.
Reduce The Risk
- Use a strong password for your email account that is different from your other online accounts. Change it regularly
- Protect your devices with security software and regularly install updates.
- Consider using encrypted emails and ask your conveyancing solicitor to do the same.
- Inform your solicitor that you have no intention of changing your bank account details.
- Request that instructions to use a different account, whether it theirs or yours, must be given in person.
- Order a Lawyer Checker through Pali