Fraudsters Are Continuing To Target Law Firms

In early September 2018, the SRA warned fraudsters are targeting unsuspecting law firms with new types of work in an effort to defraud them out of client money.

The Law Society Gazette reported the SRA had discovered fraudsters had approached two firms with offers to expand their existing services. Once taken on by the firms and free from supervision, they were able to access client accounts. And it appears monies have been stolen.

Law firms are becoming increasingly vulnerable to fraudsters, whether it be viaFraudsters Are Continuing To Target Law Firms cyber-crime, bogus business partnerships or conveyancing fraud. To stay one step ahead of criminals and protect their law firm’s reputation and client monies, partners and board members must ensure there is a culture of due diligence within the practice, and strict policies and procedures are always followed.

Friday afternoon fraud

Friday afternoon fraud refers to the practice of cyber-criminals tricking legal practices into giving bank details to fraudsters during the time when conveyancing transactions are being completed. It is seen as the biggest cyber-threat to affect the legal sector and accounts for 75% of the total number of cyber-crimes reported to the SRA.

The appeal of conveyancing transactions to criminals is a) the amount of money involved and b) the level of stress associated with transactions. Both of these factors leave firms vulnerable to cyber-fraud.

Conveyancing fraud often occurs during the midst of email exchanges between the client and solicitor. Passing themselves off as a legitimate party to the transaction, fraudsters will request a change of bank account details and ensure the funds are transferred into the new account. And almost all law firms now have contingency plans in place to prevent this type of fraud occurring. However, the nature of cyber-crime is that criminals continue to refine their methods, finding new ways to by-pass IT security systems and transaction checks.

NCSC legal sector report

In July 2018, the National Cyber Security Centre released a report on how cyber-crime is affecting the legal sector. The report found that £11 million in client money had been stolen from law firms over the previous 12-month period and 60% of all law firms had suffered a security breach during the past year.

The report covers four main cyber-threats to the legal sector:

  • Phishing – a type of social engineering where attackers influence users to do ‘the wrong thing’, such as disclosing information or clicking a bad link. This can be carried out via social media or text, but the most common form of execution is email.
  • Data breaches – whereby client information is lost or compromised. Firms who hold politically or commercially sensitive information are most likely to be at risk.
  • Ransomware – refers to a type of malware that prevents a firm from accessing data or files until a ransom has been paid. Attacks are indiscriminate; for example, WannaCry affected almost 200,000 computers in 24-hours in May 2017. Again, email is the most common method of execution. Ransomware was used against DLA Piper in 2017, resulting in the biggest cyber-attack to strike any law firm to date.
  • Supply chain compromise – the increased use of digital technologies to provide legal services provides numerous avenues for cyber-criminals to exploit. Conveyancing fraud is a classic example of supply chain compromise, as it allows criminals to observe the process of a transaction and strike when money is about to be transferred.


Due diligence to protect your business

Following the recent spate of fraudulent business party fraud, the SRA has recommended firms undertake the following due diligence practices:

  • Verify potential business partners and employees as thoroughly as possible. Contact banks and other professional firms to see if the company or individuals have any history of fraudulent activity. Be wary of checking against only one or two other law firms – the fraudsters may have influence over several practices.
  • Utilise the internet and KYC databases.
  • Make checks on official regulator websites, including the SRA.


In addition, be alive to any cagey behaviour or large gaps in work history or an unusual business proposal, for example, an offer to pay partners a ‘salary’ from any new work brought in.

Finally, trust your instincts – they are almost always right. If something is too good to be true, it probably is.

We have been helping legal professionals with professional disciplinary and regulatory hearings for over 20 years. If you have any questions relating to this article, please call us on 0151 909 2380 or complete our Free Online Enquiry and I will soon be in touch.