Could you spot a fake or modified email?

Email redirection fraud was a lucrative tool in the criminal underworld, accruing £123.7 million from UK account holders in 2018 alone, according to a UK Finance report.

Across the 7,544 malicious redirection scams completed, over 9,000 payments were made, with an average individual loss of £20,750. These statistics highlight the importance of ensuring that the people you are communicating with are legitimate.

The legal sector is a particular jewel in the crown for criminals, who seem to take very little risk and gain a high reward. This is often due to the archaic stereotype which surrounds law firms and their cyber structure, making criminals think they are an easy target.

Unfortunately, history and the news headlines only bolster this perception and show that, by sending modified emails to solicitors, criminals are walking away with thousands of pounds.

Back in September this year, Mr Dudeja’s story hit the headlines. Mr Dudeja and his wife lost their £45,000 deposit after his ‘solicitor’ emailed him asking him to pay the deposit. The email was in fact sent by a fraudster who shattered the family’s dreams of owning their own home.

Between the 6th September and 3rd December, the Solicitors Regulation Authority issued 21 scam alerts regarding email modification fraud. Between January and December of this year, just under 100 SRA scam alerts have been issued, all pertaining to email modification fraud.

The modified emails are excellent examples of the sophisticated social engineering tactics employed by cyber criminals attempting to successfully commit impersonation fraud.  

What can law firms do to protect themselves and their clients? 

At any given time, there are over 1,400 organised criminal gangs attempting to steal funds relating to property purchases.

However, there are steps you can take to protect both your firm and your clients. These include:

  • Staff knowledge – make sure your staff are aware of the tactics that cyber criminals use, and ensure they’re vigilant when they’re communicating with clients or other firms via email. Train them to spot the signs and, if they’re concerned, to speak to someone
  • Explain the conveyancing process – explain the buying and selling process to your clients so they know what to expect from you and when. This follows the SRA’s Transparency Rules, but also provides clients with guidance that if something appears to happen out of sequence, they can flag it with you. Also touch on how fraudsters can exploit the conveyancing process to their advantage, and advise clients not to post information on social media and to check bank details before sending any monies across
  • Communication – make it clear to your clients how and when you’ll communicate with them. If they’re aware you won’t contact them out of hours, any emails sent from your firm during these times will sound an alarm bell in their head
  • Warnings on company emails – some firms have added simple taglines in the footer of their emails advising on the dangers of fraud. For example, that the law firm will not be changing bank account details via email, and what clients should do if they receive such an email
  • Technology – implement email authentication software, such as DMARC, which will prevent fraudsters from cloning your emails

When it comes to cyber crime, email is a law firm's biggest risk. Without adequate protection in place, anyone can send an email directly to your customers, suppliers or employees pretending to be you.