There have recently been a lot of headlines about clients mistakenly transferring their deposit to criminals at the point of exchange in a property transaction.
While this is a very real threat, as the recent Howard Mollett incident has shown, it is not the only cyber-related risk law firms need to be aware of.
Here are 2 more ways cyber criminals could damage your firm, without going anywhere near your clients:
1. Chief Executive Fraud (or President Fraud)
The term ‘Chief Executive Fraud’ (or President Fraud) refers to a targeted phishing attack, where an individual in the firm is sent a fake email which looks as though it has come from a Managing Partner.
Such requests typically ask for a sum of money to be transferred urgently, and may also “remind” the target that this was supposed to have been done the week before in order to panic them into complying.
According to Lockton Insurance, this is a common problem, and they receive around 2 calls a week from law firms claiming they’ve been a victim of Chief Executive Fraud.
The success of this type of fraud relies heavily on social engineering to create a stressful situation where the target feels under pressure to respond quickly to an email from one of their superiors – without questioning the validity of the message.
An example of such an email:
Did you send £20,000 to Michael J Hart?
Account details XXXXXXX
I thought I asked you to do this last week, but Michael has just phoned to say he hasn’t received the money?
Please get this done today.
These highly-targeted attacks are typically the product of lots of research, from using sites such as LinkedIn to establish the company hierarchy, to monitoring the firm’s website and social media accounts for useful snippets of information.
2. Ransomware attacks
A “ransomware attack” is when a cyber-criminal infects a computer system with a piece of malware, which places a digital blocker on the system so that the victim firm can’t raise an invoice or continue business as usual. This can happen as a result of just one member of staff clicking a link in a rogue email.
The cyber-criminal will then hold the firm to ransom, with a message appearing on the firm's computer screens demanding payment for the digital release key.
In most cases, if the ransom is paid, the victim will be given the digital key which will give them back control of their systems. However, this can also result in their firm’s name being listed as an “easy target” online, on the dark web, for other cyber-criminals to take advantage of.
According to Lockton Insurance, there has been a 600% increase in ransomware attacks in the last 12 months, with consequences ranging from top fee earners being unable to raise invoices, and the cost of the time and resources it takes to fix the problem, through to delays in exchanging contracts in a property chain.
Here are some top tips to help keep your firm safe:
- Think about what type of information you share on social media and company news feeds
- Regularly back up your computer systems
- Pick up the phone and check with your colleagues if you suspect unusual email activity
- Regularly train your entire workforce on cyber risks
- Keep cyber crime on your board meeting agenda throughout the year
- Educate your clients about the ways they could fall foul of fraud
- Create and maintain a company culture that supports colleagues – even if they do make a mistake
- Develop a simple in-house process for colleagues to report near-misses
With thanks to Peter Erceg and Brett Warburton-Smith at Lockton Insurance