The rise of bogus law firms and identity theft

The Solicitors Regulation Authority (SRA) reported law firm losses exceeding £700,000 in the opening half of 2019, attributing them to identity theft and the use of impersonation tactics.

The legal sector has been bombarded by unscrupulous cyber criminals in 2019. The Solicitors Regulation Authority (SRA) reported law firm losses exceeding £700,000 in the opening half of 2019, attributing them to identity theft and the use of impersonation tactics. 

The threat is incessant and unrelenting according to law firm representatives. Results to the latest Annual Law Firms’ Survey 2019 found 100% of the top 100 law firms had suffered a security incident. 

What is a Bogus Law Firm? 

Quite simply, bogus law firms are fakes impersonating genuine law firms or totally fictitious, using the trust of the legal profession to prey on unsuspecting consumers. 

Fraudsters will clone websites, steal logos, use the identities of regulated legal service practitioners, and masquerade as a genuine firm using sophisticated social engineering techniques.  

In the past three months alone, the SRA have alerted the public to 9 bogus websites claiming to be SRA regulated firms and 16 scam alerts concerning email and phishing fraud. 

Scams can include intercepting information during a transaction before attempting to amend details, such as bank details, in order to complete the scam and steal huge amounts of money. 

The threat is very real and could lead to severe reputational and financial damage if the attack succeeds. 

How Can Firms Protect Themselves? 

Spoofing and Impersonation Fraud 

Law firms who do not protect their domain names can become vulnerable to spoofing attempts. Cyber criminals are becoming increasingly adept at successfully identifying themselves as a law firm by falsifying their digital data or exploiting weaknesses in the defences of law firms. 

91% of firms had been exposed to email spoofing according to Crowe, KYND and University of Portsmouth’s Centre for Counter Fraud Studies into legal sector vulnerabilities online. 

Worryingly, unless a law firm protects their domain, a fraudster can send emails from your exact email address with no substituted letters and all the correct styling. 

In this scenario it would become all but impossible to spot the imposter, protect your law firm and the client you are working for. 

Fortunately, Lawyer Checker is able to provide comprehensive domain protection through our OnDMARC service. 

OnDMARC email protection will actively block phishing attacks and prevent third parties impersonating law firm email domains.  

Make sure all communication to clients, suppliers or employees is only sent from yourself and not fraudsters convincingly pushing a bogus version of your firm! 

Property Fraud 

Throughout 2019, £208 million was stolen through push payment fraud. Here, fraudsters use social engineering tactics to convince their targets to transfer money directly to the criminal. When conveyancers are transferring such large sums of money, it is imperative that no mistakes are made.   

Lawyer Checker’s Account and Entity Screen (AES) uses a unique database to check the account details of the law firm you are sending funds to; ensuring that all enhanced due diligence checks have been made.  

Additionally, with inheritance and probate fraud on the rise, Lawyer Checker’s Consumer Bank Account Checker is able to validate the source or destination of funds, protecting the transaction when dealing with client monies. 

Website Protection 

Over four fifths (80.5%) of the law firms surveyed by Crowe, KYND and University of Portsmouth’s Centre for Counter Fraud Studies had email or website server vulnerabilities which could be exploited by cyber criminals. 

Cyber Essentials is a Government backed accreditation scheme, that protects your organisation, whatever its size against a range of the most common cyber attacks.

With cyber attacks becoming an increasing blight on society, with more being reported on in the news, understanding what options you have when it comes to cyber security is important.

Cyber Essentials identifies fundamental technical security controls that an organisation must have in place to help defend against internet-borne threats. These include boundary firewalls and internet gateways, secure configuration, access control, malware protection and patch management.

When implemented fully, it can protect a business from low and mid-level attacks, helping to guard against the most common cyber threats. 

Additionally, Lawyer Checker can help law firms learn about their weaknesses in their system prior to an attack through penetration testingphishing testing and vulnerability scanning. 

Make sure you firm, clients and third parties are safe from criminals.

If you’d like more information about any of our fraud prevention services or to book a demo, please call 0800 133 7127 email: support@lawyerchecker.co.uk or submit the form below.