Three CLC Law Firms Vulnerable To Email Fraud In Previous Fortnight
The Council for Licensed Conveyancers have revealed that in the past two weeks, three law firms have been targeted by cyber criminals using a very similar phishing strategy.
Hackers, had obtained access to an individual’s email information within the firms. Once inside the account, the hacker was able to manipulate messages to automatically forward key details to the hacker. Firstly, all emails were forwarded to the hacker; emails that could contain key and sensitive information.
Following this, the cyber criminal was able to filter the messages for key information like sort codes, bank details and personal information. The hacker was then able to change the details, impersonated the firm and send the new details to the client.
If this attack succeeded, the client’s data and money could have been lost to the cyber fraudsters; leaving the firms open to massive reputational damage.
Email fraud/impersonation and social media hijacking rose by 35% compared with 2017’s figures and indicates that this is where cyber criminals are now focusing their efforts according to a 2019 report by the Office for National Statistics.
In total, Action Fraud found 9,458 cases of successful email fraud. These statistics do not cover the cases that were not reported to the police, indicating that the extent of the problem is considerably higher than the figures suggest.
Jennie Williams, a Cyber Protect Officer within the North West Regional Organised Crime Unit (NWROCU), said: “For businesses, the main threats continue to be from Phishing, Ransomware, DDOS attacks and the biggest one I feel is the insider threat. We all know why a criminal wants to attack us – to steal our money, intellectual property etc. – but it’s us who are the biggest risk – the human error, criminals know when to target us – Monday mornings, Friday afternoons – we are the ones that will potentially click on links, connect to public WiFi and not understand the risks. This is why it is so important to educate staff, friends, and family so we can all work together in combating this ever-growing cyber risk – you can’t protect over things you don’t know about!
“Law firms should Keep themselves up to date with the latest cyber threats, educate and talk to their staff about the risks, we see so many businesses who cannot recover from a cyber attack and the business goes under which means staff could lose their jobs, I don’t think staff sometimes realise the big implications it can have on them which is why it is so important to make them aware of what the threats are and if they do make a mistake what they need to do to get it sorted ASAP.
“The Cyber Information Sharing Partnership is a great way to keep businesses updated with the latest threats. It’s basically like a social media platform for businesses to share information/ guidance and threats that they have seen within their business to help others protect theirs. It is quite ‘techy’ but we have a North West Group on the platform which has numerous large and small businesses in and they are only too happy to help those who need further advice and guidance. https://www.ncsc.gov.uk/cisp”
The CLC have reiterated that if law firms are concerned that they may be susceptible to this threat, it is imperative to contact their Regulatory Supervision Manager, [email protected]
Does your law firm have a robust security plan to deal with and prevent email fraud? Are you aware of similar issues that have affected a law firm?