In recent weeks, the legal sector has been reminded of the persistent threats facing law firms and the clients who use legal services with confidence.
The Solicitors Regulation Authority (SRA) has issued eight email scam reports in July alone as cyber criminals target the rich and sensitive information held by legal service providers.
Worryingly, email impersonation fraud is on the rise and is a prevalent tool used to complete property fraud. The SRA was made aware of an email purporting to be sent from the genuine SRA regulated firm Dutton Gregory Solicitors.
The email, using the domain ‘dutongregory.com’ and the email address ‘firstname.lastname@example.org’, attempted to send new bank details to a client.
The call to action offered all the traditional hallmarks of a genuine request, suggesting the client ‘should make the remaining transfer to our other bank because of a security measure’.
Whilst this may ring alarm bells for those well versed in conveyancing transactions, clients who may only move a handful of times in their life may be swayed by the perceived authenticity of the request.
The SRA regulates a genuine firm of solicitors called Dutton Gregory LLP, trading as Dutton Gregory Solicitors. The firm also employs an individual named in the fraudulent email address. When cyber criminals use such well-researched social engineering tactics, it becomes difficult to differentiate the legitimate from the fraudulent.
However, the firm and employee were clear that the request was false and immediately raised the alarm by contacting the SRA. They were also clear that all their legitimate email communication will use the domain @duttongregory.co.uk.
Malicious email redirection fraud was a lucrative tool in the criminal underworld last year, accruing £123.7 million from UK account holders in 2018 alone, according to a UK Finance report.
Across the 7,544 malicious redirection scams completed, over 9,000 payments were made, with an average individual loss of £20,750. These statistics highlight the importance of ensuring the people you are communicating with are legitimate.
Email fraud in general continues to be the method most frequently used by attackers, which is why it is perceived as the most dangerous threat.
According to a recent survey conducted by Dimensional Research and Barracuda Networks, over 600 IT professionals cited phishing as their top threat.
82% of respondents’ organisations had been sent at least one email threat in the past year. 93% were anxious about business email compromise (BEC), with 79% concerned about insider threats and hijacking attacks launched through malicious emails slipping through the cyber security net.
In addition to the obvious financial and reputational threats caused by a breach, 78% admitted that reduced productivity, as resources and time are spent on rectifying the attack, is a huge business concern. Additionally, 36% found business disruption and digital downtime a costly byproduct of a successful breach.
How secure is your firm’s email? Are you worried by the technological and human vulnerabilities exposed through email fraud?