Cybercrime and Law Firms


Hardly a week goes by without yet another report of hackers attempting to divert client funds. They correspond by email with a conveyancing client, build up a rapport whilst purporting to be an employee of the client’s solicitor’s firm, and then send an email which seeks to amend the bank details to which the client’s funds, in readiness for exchange, should be sent.

It is suggested that the statistics reported are just the tip of the iceberg and far from a true reflection of the scale of the issue. Whilst encouraged to do so, many firms are not reporting thwarted attempts where no monetary loss occurs, although considerable time (and thus money) is spent by senior members of staff dealing with the issue.

It is all too easy to fall into the trap of thinking that this won’t happen to you. It could. You may not be able to prevent a cyber-attack but you can ensure that you do everything possible to mitigate the risk of a cyber-attack being successful.

The following simple and practical steps are key in the fight against cybercrime:


  • Educate your client about the risks of cybercrime:
    • Advise your client at the outset of the matter, in a prominent place in your client care documentation, that you will never send out your bank details by email, you will not change your bank details during the course of their transaction and that if they receive any communication which suggests that you have, they should immediately contact you to discuss and should not, under any circumstances, transfer any funds.
    • Remind your client of this regularly by a prominent notice on your email footer and on any letters sent to the client.
  • Educate your members of staff about the risks of cybercrime:
    • Ensure staff only send bank account details by post and not by email.
    • Provide regular and appropriate training for all members of staff on how to spot cybercrime, different types of cybercrime and what to do in the event of an attack.
    • Ensure strong passwords are used and passwords are changed regularly.
    • Don’t assume an email is authentic.

And, of course, ensure that you have the correct policies (i.e. email, social media, data protection, internet usage), procedures and plans (including business continuity, cyber-incident response) in place.

The SRA reports that email hacks of conveyancing transactions are the most common type of cybercrime in the legal sector, with £7 million of client losses reported in the last year. 75% of these cybercrimes were committed by hackers modifying emails directly, often on a Friday afternoon when most completions take place. Statistics from the Information Commissioner’s Office confirm that during the first quarter of 2016 the legal and justice sector reported the 4th highest number of data security cases, and there is a suggestion that these sectors under-report.

Don’t be complacent about cyber-security. The Codes under which lawyers work require firms to have proper risk management procedures in place (including in relation to cybercrime) and to protect client monies and assets.

Legal Eye specialise in risk and compliance for law firms and can assist you with policies, plans and procedures to reduce the risks of a cyber-attack being successful. For more information or for an informal discussion call Rhonda Treacy-Hales on 0203 051 2049.

