rblog

Be scam aware

By Zulfana Begum on 6 July 2015

July is Scams Awareness Month 2015. Citizens Advice and Trading Standards Services are holding a series of activities throughout the month to raise awareness of different types of scams and how they work. Their aim is to create 'a self-supporting network of confident, alert, consumers. People ready, willing and able to spot scams'.

We are seeing an increase in scams in the legal services market. In 2014 we issued 183 scam alerts. This is up from 97 in 2013 and only 19 in 2012. The methods used by fraudsters are also becoming increasingly sophisticated. As a result, I thought I would take this opportunity to share some of my knowledge about fraud in the legal market.

The methods fraudsters use to steal money and confidential information from both law firms and their clients are evolving fast. Frauds are increasingly happening online as this provides greater anonymity to fraudsters, therefore making it more difficult to bring them to justice. It also allows fraudsters to set up the frauds more easily, and at less expense to themselves.

Below are brief descriptions of some of the key scams we are seeing in the legal market. A 'top tip' on how firms can control the risk of becoming a victim follows each description. Although I have only given one risk control against each scam, in reality, a firm would have to implement a combination of appropriate controls to manage the risk.

I'd like to point out here that the following doesn't constitute formal guidance. The top tips are based on general good practice.

Scam 1: 'Phishing' emails

Fraudsters often send out bulk emails to members of the public, asking for money or confidential information, under the guise of being a solicitor or working for a law firm. They often use the name of a genuine solicitor or firm.

Top tip: If someone contacts you about a transaction they think you or your firm is dealing with when you are not, dig deeper and contact us immediately if the circumstances seem suspicious to you.

Scam 2: Cloned websites

We are increasingly seeing cases where fraudsters have created fake websites, with content copied and pasted from the websites of genuine firms. Stolen content often includes the names, professional profiles and photos of genuine solicitors. The website may be created using the name of a genuine or fictitious law firm. Cloned websites are often referenced in 'phishing' emails to make the sender appear genuine.

Top tip: Search the names of your firm, partners and other fee-earners on the Internet regularly to see if anyone is using your details without permission.

Scam 3: Solicitor-client emails intercepted

We have recently seen a number of cases where fraudsters have illegally gained access to email accounts to intercept genuine emails between the solicitor and client in conveyancing transactions. The fraudsters subsequently send messages to misdirect funds into bank accounts they are operating. It is likely that the fraudsters carry out this scheme by gaining access to the firm's system beforehand, as this would allow them to identify specific legal transactions and the clients they relate to. For example, where the solicitor is acting for the client in the sale of a property, the fraudsters hack into the client’s email account to send an email to the solicitor. Pretending to be the client, they will ask the solicitor to send the proceeds of the sale into an account they are operating. Conversely, where the solicitor is acting for the client in the purchase of a property, the fraudsters will hack into the solicitors email account. Under the guise of being the solicitor, they will then instruct the client to send the funds into an alternate bank account.

Top tip: This is a sophisticated fraud. Firms may be able to prevent fraudsters from gaining access to their systems by maintaining an up to date antivirus, Internet browser and operating system.

Scam 4: 'Vishing' telephone calls

There has recently been a number of 'vishing' (or 'voice phishing') frauds in the legal market. This usually takes the form of fraudsters calling law firms to obtain sensitive information, such as log in details for online banking accounts. These frauds can be very convincing, with firms often being targeted during busy periods when they may be tempted to let their guards down. In one incident, fraudsters managed to steal more than £1 million from a law firm’s client account.

Top tip: Your banking provider will never ask for your online log in information. If you receive a call from someone claiming to be from your bank, make sure you hang up and call back using a known number, preferably from a separate connection such as a mobile phone.

Scam 5: Malicious email attachments

There have been some cases of law firms in the US losing significant sums of money from their office and client accounts after inadvertently downloading 'malware' (malicious software) onto their computer systems. The malware is likely to have worked by detecting attempts to connect to bank websites, and redirecting the user to a fake version run by hackers. This is then followed by a perfectly timed phone call from the fraudsters who, by pretending to be calling from their banking provider, offer to help the firm log in to their online bank account. The objective is to obtain the firm’s online log in details.

Top tip: In addition to the 'top tip' under Scam 4, maintaining an up-to-date antivirus, internet browser and operating system can help protect against this type of fraud.

Further information

For more information on the type of frauds we are seeing in the legal market, please refer to the following sources:

Reporting to us

If you think fraudsters may have targeted you, please let us know immediately by contacting us via report@sra.org.uk.

Zulfana Begum is a Risk Analyst at the Solicitors Regulation Authority.