99% of UK law firms at risk of email fraud

Research shows that only 1% of the UK’s top 100 law firms have sufficient measures in place to protect against basic forms of email fraud. The findings from cloud data intelligence firm OnDMARC come as a stark warning to lawyers who are obligated to protect sensitive client information and monies.

Worryingly, while adequate security measures are lacking, the use of fake or compromised email accounts to steal information is on the increase. Typically, hackers will assume the identity of someone in authority to trick employees into making money transfers to fraudulent accounts or into sending confidential data. Legal businesses have also become a tempting target for cyber criminals seeking lucrative prospects. In fact, according to the SRA’s Spring 2018 Risk Outlook (protecting client money):

“Keeping client money safe is a risk with many external threats. For example, we get regular reports of bogus firms copying the identity of real firms, often with the intent to steal client money. We received 640 reports of this in the 12 months to January 2018. Our warning notice about bogus firms gives more information.

“Cyber crime is an increasing risk to client money. Reports of cyber crime have increased from 103 in 2016 to 157 in 2017, with a reducing proportion of those reports involving email modification fraud. We know that firms are taking steps to control this fraud and we regularly give information to help firms stay cybersafe.

“Dishonesty involving client money will usually lead to a solicitor being struck off the Roll. In January 2018, a solicitor was struck off after they took nearly £100,000 from the client account and claimed £328,000 of excess costs.”

With law firms obligated to replace any lost client funds, the financial burden of email fraud could be crippling. As such, it is more important than ever that legal businesses put robust security measures in place. Should firms fail to do this, the economic and reputational cost of any cyber attacks could be devastating to the profession.

While many firms have invested in standard IT security solutions, they often fail to realise that these measures will not adequately protect them against phishing attacks. It’s just too easy for a criminal to exploit a firm’s email domain to impersonate the company and send counterfeit messages to clients and stakeholders.

But a tool does exist to combat this threat and reduce the risk. DMARC technology stamps out email fraud by actively blocking phishing attacks and preventing third parties from impersonating an email domain.

Lawyer Checker – which provides technology and products to help protect lawyers and consumers – has recently launched an OnDMARC service designed specifically for the legal profession. By using OnDMARC, the 99% of firms currently vulnerable to email fraud can protect themselves from reputational or financial damage.

In light of the EU’s General Data Protection Regulation (GDPR), every legal business should now be looking to configure their domains to prevent email impersonation.