Criminals raid 50 firms in cyberattacks this year – SRA
Up to 50 firms have fallen victim to cyberattacks since Christmas as criminals find ever-more sophisticated ways of targeting the legal sector.
The Solicitors Regulation Authority revealed the number of attempted thefts has continued to rise this year, with between £40,000 and £2m stolen in each case.
Experts warn the legal sector is particularly vulnerable to cybercrime as organised gangs are attracted by the large sums of money being moved to and from firms.
Scams include phishing to gain people’s trust and make them volunteer bank account details, malware to infect computer systems with a virus, redirecting sensitive emails and transferring standing orders.
In one example, a solicitor was kept on the phone for two hours by a criminal pretending to be from their bank, while on another occasion the fraudster had seen on social media that the solicitor had a dog, and so engaged him on that apparently shared interest.
Clients have even been targeted with emails purporting to be from their firm, saying the firm’s bank details have changed and encouraging them to send money to the new account.
‘It is no longer about someone holding themselves as a solicitor, but sophisticated techniques to get you to part with information,’ said Steve Wilmott, head of intelligence and investigations at the SRA.
‘We don’t want to deter you from using new technology and you can’t gold-plate every aspect of your service, but you can mitigate the risks.’
Attendees at yesterday's COLPs and COFAs conference in Birmingham were advised to update software security, use more complicated passwords and always check more than once if it really is the bank or client on the phone. Clients should also be made aware of the threats of cybercrime when they instruct a legal adviser.
Meanwhile, Wilmott revealed that 30% of firms subject to anti-money laundering checks have given no training to the person in the firm expected to report it.
This year the SRA has visited 270 firms thought to be at high risk of money-laundering schemes, with 20 requiring a return visit to learn more about ways to combat it.
As well as a lack of training, some firms were found to have issues with updating their procedures and were still referring to the rules of defunct bodies such as the Serious Organised Crime Agency, which ceased to exist in 2013.
The SRA said it has two or three ‘quite serious’ investigations ongoing against firms involving possible offences of the proceeds of crime act 2002.
Wilmott revealed the number of reports of money laundering issues fell by 8% in 2014, bucking the national trend of increasing reports.
It is likely the multi-jurisdictional Financial Action Taskforce will focus on this issue of non-reporting when it next visits the UK in around 18 months.
Comments