Cyber fraud is an increasing risk for conveyancers dealing with large financial transactions. We spoke to Emily Haskey, Operations Manager, Dye & Durham, to find out how firms can take practical steps to mitigate the risk and protect clients’ funds.
1. Outline your experience and describe your role at Dye & Durham
I joined the company in 2018 following the completion of a psychology degree at Chester University. I now lead our data research team of five. For me, the psychology behind cyber fraud is one of the most interesting aspects of my role. For example, 95% of all cybercrime and security breaches are due to human error. In simulation tests where staff are sent fake emails to see if they will click on a link and add their own payroll and bank details when requested, the majority do. Human error plays a big part in the success of cyber criminals, and we work with law firms to help them mitigate these types of risks.
2. Why is the risk of cyber fraud increasing?
The ONS has confirmed hacking offences more than doubled by March 2022 (to 1.3 million offences) compared with the pre-pandemic year ending in March 2020. This included victims’ details being compromised via large-scale data breaches, and victims’ email or social media accounts being compromised.
Loan and mortgage fraud increased by 675%, from £9.7 million to more than £75 million.
This generally corresponds to the growing move to digital workflows. Email, for example, is vulnerable to interception and the majority of communication these days is through email. Logging in for remote working can also provide a weak point for hackers, particularly if firms use shared account access or if individuals use the same passwords for multiple logins.
3. What are the main risks for conveyancers?
Conveyancing firms are a particular target due to the large single sum being transferred on completion of a property purchase by criminals who are becoming ever more sophisticated and experienced.
Impersonation, usually through email interception, is the greatest risk and made up 91% of SRA Scam Alerts in 2021. These days, it’s easy to obtain information on public databases about a particular transaction. Fraudsters can either email the client directly for extra information or to confirm they have changed the bank details just prior to completion. Clients may make the transfer without questioning where the email has come from.
One case reported by the Law Society Gazette in October 2021 details how £640,000 was handed over to criminals when emails between the buyer and the buyer’s solicitor were intercepted. According to the Gazette: “They created an email account made to look like that of the solicitor to request payment. Payment details were provided on headed paper via the spoofed email, and the amount requested was exactly what the buyer had expected to pay. Most of the money was never recovered.”
Fraudsters also impersonate other law firms. Just because a firm has transacted with another firm previously doesn’t mean the transaction is safe. Hackers can change just one digit within an email — which can easily go un-noticed — to obtain financial information. Timing is often key. If they’ve gained access to an account, they can also monitor outgoing emails to find out when the transaction will happen, intercept an email and replace valid bank details with their own.
4. Why is Lawyer Checker an essential tool in conveyancers’ armoury against cyber fraud?
Our Lawyer Checker solution checks the law firm’s account details against our unique database to determine whether those details have a track record of successful usage within conveyancing. Lawyer Checker is a web-based solution and can be accessed securely from any location 24/7 at the click of a mouse, supplying an audit trail for law firms as well as ensuring due diligence by adhering to SRA Code of Conduct provisions.
Lawyer Checker’s unique algorithm checks details against 10 different databases in real time. It checks SRA Scam Alerts and safeguards transactions against human error and typos while also providing the most up-to-date information. All frequent and infrequent results are processed through the latest NatWest tracker to check bank account details. We have verified thousands of accounts and reported back on incorrect details. Our dedicated research team is also highly skilled in providing enhanced further investigation when necessary, making it easy and cost-effective to mitigate risk of fraud during the conveyance.
5. What other practical steps can firms take?
Some law firms are reverting to traditional paper-based workflows to try to mitigate risk. But it can be harder to protect a filing cabinet that anyone can access than correctly password-encrypt digital storage. It’s better to undertake regular business continuity simulations to reveal gaps in systems where work can be undertaken to improve digital security.
Documents should be stored in different areas of the cloud so that storage can be shut down in the event of an issue, but details retrieved from another location, so information is not lost permanently.
Avoid shared passwords. This sounds obvious but it’s amazing how many organisations share access to systems through a single password.
When dealing with another law firm, set up a second line of communication. This is usually a phone number to call to verify details if there is any doubt about the validity of information sent electronically.
Check the domains and email addresses carefully. It’s easy to miss a “one” replaced with an “I,” for example. Encourage vigilance across your team as junior staff members have been known to be targeted.
Risk assessments should be produced by the firm at the outset of each transaction and kept under constant review. Processes should also be in place to combat money laundering; however, the risk of fraud should be assessed independently. Transactions can be low-risk for Anti-Money Laundering (AML) but high-risk for fraud, for example.
Cyber security training within the firm will raise awareness of the common issues and help avoid human error. Awareness of the scale of the issue is a positive step towards mitigating risk. With only 27% of businesses actively training staff to avoid security breaches, more can be done.
Legal professionals must now ensure that cyber security is high on the agenda for every property transaction and conveyancers must be proactive in addressing the increasing risk of cyber-attack. Lawyer Checker can help mitigate risk by ensuring funds are safely directed to the correct bank account.
Go to Media
