Solicitors email hacked - How to spot and combat cyber crime!

16/10/2018
Property solicitors find themselves under attack from cyber criminals using increasingly sophisticated techniques to obtain their clients' data. Conveyancing clients are a prime target for this type of scam as, in most cases, they hold a large sum of money that they are looking to use to buy a property or are expecting proceeds from the sale of their homes. In 2017 cyber crime robbed clients of £7 million and in 2015-16 £1 billion was lost to business from online crime (source: Solicitors Regulation Authority).

The Solicitors Regulation Authority (SRA) understands the importance of vigilance in relation to cyber crime and has highlighted some of the more important areas to be briefed about within a release by its Chief Executive Paul Philip called IT Security: Keeping information and money safe.

In our article, Conveyancing scam could cost you £1,000s we highlighted the risk of fraud relating to bank details, however we are seeing new techniques being used and this article is aimed at helping you spot and combat these evolving threats.

5 Tips on how to spot and combat scam emails and email hacking

    1

    Virus, worm or a trojan?

Knowing the difference between these 3 will help you spot them:
  • Virus - viruses can cause anything from comparatively minor to very serious damage to your hardware, software or files. You can only get a virus if a computer user runs an infected program from a link in an email or an attachment. If a solicitor gets a virus then the virus can spread to other computers both in their office and to their clients and other solicitors by sharing infecting files or sending e-mails with viruses as attachments in the e-mail.
  • Worm - a worm is like a virus and spread from computer to computer, but unlike a virus, it has the capability to travel without any help from a person. A worm is very dangerous for a conveyancing solicitor as it can copy itself and email your contact list.
  • Trojan - A Trojan horse is not a virus. It is a destructive program that mimics a genuine application - it might, for example, look like a link to a OneDrive file. Unlike viruses, Trojan horses do not replicate themselves but they can be just as destructive. Trojans also open a backdoor entry to your computer which gives malicious users and/or programs access to your system, allowing confidential and personal information to be stolen.

    2

    Check the download link from clients

Businesses often email with links embedded into words. These words lead you to believe that by clicking them you'll go somewhere useful or informative, however when you click the URL it can download a virus, worm or Trojan. This is an example of how you can hover over a link before clicking it to see what the link is before you click it - Hover over here and look to the bottom left of your monitor to see the URL. When you get a link in an email if you hover over it the link will appear above the word. Make sure not to click on any link when you do not recognise the URL.

    3

    Check the name and email address

You sometimes get a name at the top of the email next to the email address of who has emailed you; especially if you email that client on a regular basis. Scammers use this technology and show the name of someone you recognise, but the email address is different. Always report these emails as spam and flag them to your IT department.

Scam email addresses and names to watch out for:

Do not reply to these emails

Name

Scam email

Robert Arthur

simbeta@outlook.com

Rachelle Moskowitz

kingsfordsolicitors@usfirstitle.com


    4

    Were you expecting the email?

Scammers often hide behind a well-known brand or brands to get a solicitor to click on a link they believe to be real or relevant. These messages could be:
  • Microsoft Outlook - Your account has been temporarily blocked. Click the link to activate.
  • Microsoft Outlook - Message failure.
  • Microsoft Onedrive - Click to download documents.

Here are some examples of what scam emails look like

[None of the example emails below have clickable links]

Solicitors email hacked - Example

Solicitors email hacked Example2

Solicitors email hacked - Example3

Fixed Fee, No Sale No Fee with a 5 out of 5 rating

 
    5

    Some emails look very real

As we have seen above scammers often design emails to play upon what a solicitor would expect to see in a bona fide email message - for example, emails which concern unblocking an account or dealing with a change of password issue - which might be seen quite often by solicitors, which is why scammers focus on these messages. The challenge though is how the scammers are evolving their messages to link into the conveyancing process and for the client and the solicitor it could be a very authentic-looking message (as you'll see in the example below). The things to look for in the email are:
  • Email format - does the email have a salutation, use first names (or last if this is your normal communication style) and does the signature look the same as previous emails received? Scammers struggle to replicate the formal format of a solicitor.
  • Does the email make sense? - scammers aren't property solicitors so the context in the email is often incorrect.
  • Spelling and grammar - as sophisticated as email hackers are, their spelling and grammar are more often than not atrocious. Look for this as a sign of a scam email (see the example email below).
  • Are the email address and name the same? - unless the email hackers have access to your email exchange they are unable to email from your email account. For example, only our company can email from my email address (unless your computer has been hacked - see below) andrew@samconveyancing.co.uk. However, email scammers often use similar email addresses to make it seem the email address is correct. For example, andrew@ssamconveyancing.post or andrewsamconveyancing@post.com. The SRA reported in 2017 that 500 law firms had been targeted by clients using this approach (these are just the reported cases).

Example of scam email content

I confirm that the Property that you are purchasing has got good and marketable title and there are no adverse conditions affecting it.

You are required to make payment of outstanding funds of purchase price for completion to occur, what date do you intend to make payment, do you have funds in place ? what date is suitable for completion to take place, i will advise completion should take place before the end of next business week, let me know so i can forward our Client care account for receiving funds.

I look forward to hearing from you in due course

Regards

As you can see, the spelling and grammar are bad in this email and the context shows a lack of knowledge of the conveyancing process. If you receive an email like this never reply to it and flag it to your Manager or Head of IT.

What can you do to protect yourself?

Although Microsoft Office has a robust defensive 'auto-junk' tool, cyber criminals are getting more and more sophisticated.

It's always worth getting an extra layer of protective software for your system/s.

While I don't publicly endorse any software commercially here, I've found Malware Bytes - which you can download for free - to be an excellent program for this purpose: you can run an audit of all your computers (on a 'one-by-one' basis) periodically to check for threats (and quarantine/delete them if found) or immediately after you suspect a threat has occurred.

Larger organisations may wish to go further and pay for more sophisticated software which typically is better suited to more complex networks and is likely to be updated very frequently and automatically.

At press time, SOPHOS and Mimecast were names of products/companies offering this kind of paid-for software which were recommended for larger organisations.

What can you do if you have been hacked?

The first sign that a solicitor's email account has been hacked is often a client getting in contact after receiving an email purportedly from their solicitor and asking what the email meant and/or were the meant to receive it. Once put on notice you need to inform your manager and or your IT department.

However, if you are an SRA-regulated firm of solicitors, you are under obligation to report the incident if your client account has been affected. The SRA has stated:

"You have an obligation to report an incident to us if there is a shortage on the client account. It is important that firms that are involved in cyber crimes meet their obligations to replace any monies that have been wrongly paid out of the client account."

The guidance goes to to state:

"We have, in the last two months, disciplined two firms for not making good on client shortages in a timely manner."

The SRA additionally encourages its regulated firms to report all hacking, phishing and vishing* threats.

Click on the following link to view these guidelines and much more on the SRA's cybercrime page.

You might also wish to search the SRA's database for information about known scams and to see a list of recent ones reported.

For further information about cyber fraud and scams in general, please visit Action Fraud's website.

Naturally if a client is affected you should inform them as soon as possible if you have reason to believe that there is a risk to their personal data in order to be compliant with the General Data Protection Regulations (GDPR) which were rolled out in May 2018.

How do you report cyber fraud and scams to the SRA?

Click on the following link to provide information online to the SRA.

* defined as "the fraudulent practice of making phone calls or leaving voice messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as bank details and credit card numbers".


Related News Articles

 
Warning: conveyancing scam could cost you £1,000s
09/10/2018
new-conveyancing-process.png

FREE Online Conveyancing Process for Buyers

Includes online checklists, videos, downloads and tips - plus it is free to use and remembers your progress.

 
Already have an account? Click here to log in