Friday Frauds

Cyber crime presents one of the key risks to firms in today’s digital world, in particular the so-called “Friday Fraud” which is an increasingly common feature of conveyancing transactions.

1 in 4 companies has been the victim of the cyber attack*

40% increase in UK law firms losses to cyber fraud**

£85m stolen by hackers from UK law firms~

75% of cyber crimes reported to the SRA are “Friday Frauds”^

What is a “Friday Fraud”?

Due to the large sums of money handled by conveyancers at the completion of transactions, these firms have become frequent victims of cyber attacks; and, because these transactions typically take place on a Friday afternoon, this type of attack has become known as “Friday Fraud”

How are Friday Frauds carried out?

Three main types of attack are used by fraudsters

1. Hacking your firm’s email account or that of your client, intercepting emails, and specifying a change in the bank account details to which transaction proceeds are to be transferred

2. Telephone calls purporting to come from your bank regarding suspicious activity on your firm’s client account and requesting account details and passwords under the pretence of security checks, which then enables the fraudster to access your account and withdraw funds

3. Impersonation of a genuine client through the use of electronically forged identification documentations

What you can do

- Train all of your employees on the risks, warning signs and best practice

- Confirm new or a change in bank details face-to-face with the client or by telephoning them using an existing number - do not trust email

- Tell clients by telephone both before and after monies are sent and check by telephone that they have been received on the expected date

- Always try to meet the client face-to-face at the time of instruction and record contact and bank details; outline a clear and secure process for changing details

- Never open an attachment or link to an email if you are unsure whether it is safe to do so

- If contacted by a bank requesting sensitive information, then agree to telephone them back on a number with which you are already familiar (e.g. your relationship manager)

What to do on discovering a fraud

- Inform your bank immediately and ask it to request the recipient bank to block its account and do the same with any onward recipient banks

- Inform the Police / National Fraud and Cyber Crime Reporting Centre on 0300 123 2040

- Inform the Police/National Fraud and Cyber Crime Reporting Centre on 0300 123 2040

This content is intended as guidance only. Pen, our partner law firms and other advisers are experienced in assisting firms to navigate their way through the difficult and stressful time following a cyber-attack on a firm’s client account; in the event of this happening to you, please contact Billy Hinken direct for specialist advice and guidance.

*Financial Times, “UK law firms fall foul of £85m Friday fraud hackers” March 2016

**Hazelwoods Chartered Accountants and Business Advisers, "Law firms’ cyber fraud losses grow – up 40% in a year" July 2016

~Financial Times, “UK law firms fall foul of £85m Friday fraud hackers” March 2016

^Solicitors Regulation Authority, "IT Security: Keeping information and money safe", December 2016