Fraudsters managed to steal £67,000 after hacking into emails between a buyer and solicitor
Howard Mollett, a charity worker, who was working in the US, encountered problems whilst trying to make a down payment on his property. He emailed his solicitors to make them aware of the problem, as he didn’t want to slow down the process.
However, fraudsters intercepted this correspondence between Mr Mollett and his solicitor. They then sent him an authentic looking email, asking Mr Mollett to transfer the funds into a different bank account.
In total Mr Mollett transferred £74,000 to the fraudsters.
This is unfortunately an all too familiar case. It’s devastating for the client and everyone involved. The case highlights two key areas that law firms need to make sure that they address in order to protect their clients and themselves from email modification fraud.
The simpler out of the two issues to make progress on is to implement the DMARC protocol so that a criminal can not impersonate the firms email address. On this occasion the criminal has sent an email purporting to be from the lawyer using their exact email address. Too many firms are leaving themselves exposed to the criminal exploiting this gap. Criminals can publicly see whether a firm has this layer of protection in place.
The second issue that needs addressing is how we as a sector educate clients on what the process is when it comes to paying deposit funds. It is simply not enough to use headers and footers in emails to convey this message. This should be included in client letters and be addressed on initial client care calls. I strongly believe education to clients is a huge part of protecting yourselves from this threat. This education needs to be embedded into cultures.
To help resolve the first issue, I would be happy to offer any firms a free email spoofing test, with your permission we can send an email purporting to be you from your domain. ONDMARC from Lawyer protects against this type of attack To request your free spoofing test please click here.
