UK law firms fall foul of £85m Friday fraud hackers
Hackers have stolen £85m from British law firms during the past 18 months after learning they tend to move money through their bank accounts on Fridays.
QBE, an insurance company, said there have been 150 successful cases of Friday fraud and 10 times as many failed attempts. The targets are often smaller, high street solicitors lacking strong internet security systems.
Elina Lusted, a claims manager at QBE, said: “We are seeing an increasing frequency [of these crimes]. The money taken ranges from £65,000 to £1.9m.” Often only a small portion of the money, if any, is recovered.
The hackers tend to strike on Fridays when many housing deals complete and solicitors move their clients’ money.
In the past, criminals would telephone law firms and pretend to be bank staff investigating suspicious transactions. After gaining a firm’s trust, they would then persuade it to send cash payments to their accounts, ostensibly as a test.
One high street law firm lost £173,000 in this way. “We absolutely trusted that this was the bank,” said the firm’s senior partner, who asked not to be named. “They seduced us into thinking they were genuine bank employees.”
Only £20,000 was recovered, with the firm’s insurers covering the rest.
But the scams are now increasingly over email, with hackers gaining access to firms’ or clients’ email accounts via a fake software download. Once inside, the criminals find a transaction that is about to complete and email the lawyers asking for the money to be sent to a different account.
“Anyone with half a brain could carry out these sorts of email scam. They are less sophisticated,” said Ms Lusted. “High street conveyancing firms are not necessarily going to have the latest data security systems.”
QBE said the attacks started appearing two years ago but have recently spiked.
The Law Society, which represents solicitors, is worried about the thefts. “Over the past six months we’ve ramped up our response in the face of increasing numbers of people falling foul of scams,” said Scott Devine, a policy adviser. “I believe that some firms have come close to collapse after falling foul of these things.”
The society has been working with the National Crime Agency, the City of London police and the British Bankers’ Association to combat the problem. It has also discussed with the Council of Mortgage Lenders how to protect client money.
Figures released by PwC, the consultancy, last month showed that one in four UK companies was targeted by cyber criminals in the past 18 months.
Source | FT