Law Firms Could Stop Using Emails To Eradicate Cyber Crime

An expert has predicted that in only five years law firms will stop using emails to be replaced with a more secure means of communication.

Cyber crime is happening all the time and becoming more and more sophisticated. Law firms are particularly targeted due to a lot of sensitive information held on clients and their money – which provides for an extra juicy opportunity for fraudsters.

Conveyancing and probate are predominantly vulnerable to email fraud attacks as they deal with large amounts of money which are often being moved during transactions and administration of estates.

According to Solicitors Regulation Authority (SRA) Risk Outlook 2017/18 report more than 60% of all cyber crimes reported to them are email modification frauds, citing conveyancing firms as a common target in their Risk Outlook Spring Update.

It has also emerged that the SRA have been applying behavioural science to the legal sector to get across their messages about cyber crime.

Dee Pang, chief executive security officer at the magic circle firm Slaughter and May recently presented at a compliance officer conference, which was organised by the SRA in Birmingham, about cybercrime confirming his firm’s emails had been encrypted.

He acknowledged that this was beyond the reach of much smaller firms and said email was otherwise “very easy” to intercept.

Mr Pang was asked by those attending about the effectiveness of not using certain key terms such as ‘bank details’ in emails to deter fraudsters by not drawing attention. He said it would only have limited impact: “If criminals are clever enough to intercept your emails, they’re clever enough to search [them].”

“I think we will see the death of email,” he added, pointing to the widespread adoption by Chinese law firms of WeChat, an encrypted messaging service like WhatsApp.

“It may take another five years to reach Western law firms,” he said.

During the same session on cyber crime, the SRA’s head of research and analysis, Dr Debra Malpass, explained how they have been using behavioral science to show how it can be utilised to help firms fight cyber crime.

She advised that in two trials conducted earlier this year it was revealed that solicitors were far more likely to open an email from the regulator on a Friday, which also included a subject line that fed into their ‘illusory Superiority bias’.

She confirmed that the first trial took over six weeks and involved over 7,000 law firms.

The research found that those who received an email from the SRA warning them about ‘email modification fraud’ – messages from fraudsters that look authentic – were much more likely to engage with it on a Friday than a Wednesday, and four times as likely in the first week.

This is maybe the reason why fraudsters target conveyancers and their clients in what is known as ‘Friday afternoon fraud’ on the well-known popular day of home exchange and completion.

The second trial involved 10,000 law firms who received a ‘warning email’ in the subject line. The first sample group of law firms received a positive message, such as ‘Help the SRA combat fraud’ and the second employed “fear tactics” such as ‘Could you be next?’

The third message which used behavioural science played on people’s “illusory superiority bias” – which means they highly rate themselves more than others and thought they were less likely to be caught out by a scam.

The third message emails subject lines said, ‘You wouldn’t fall for this, but your financial director might’.

Ms Malpass said COLPs were twice as likely to open the third email as the first, and one and a half times as likely to open the third as the second.

Dr John Blythe, a behavioural scientist and research associate at University College London, thinks that businesses are too reliant upon awareness campaigns.

“There is a knowing and doing gap,” he said. “People know what they should be doing but aren’t [doing it].”

He urged solicitors to make sure they have “useable” cybersecurity policies, saying that employees wanted to be productive and they would avoid security to accomplish this.

In other news which relates to cyber crime, the Council for Licensed Conveyancers have revealed that out of the 212 firms they regulate, 11 were the victims of fraud in the past year – but a further 37 said they had prevented attempted frauds.

The results of its annual regulatory return indicated the number and variation of attacks on conveyancers increasing, but it was reported that nearly all regulated firms provided all their employees with training on anti-fraud measures in the past year, while the remainder targeted key staff.

 The article content was originally published by Legal Futures.