Cyber Liability—The Friday Afternoon Fraud
According to a report out of the UK from the Solicitors Regulation Authority, over 75% of the Cybercrimes reported were from the “The Friday Afternoon Fraud”. This involves criminals modifying emails directly, usually by hacking into the email system of an individual. They then alter the client's emails to the solicitor (attorney) or vice versa, altering bank details so funds go to the criminal. The majority of cases involve conveyance of funds.
Such scams often take place on a Friday, as this is the time that deals are finalized and the transfer of funds often take place. This also buys criminals additional time to avoid detection. A quarter of law firms have targeted by cybercriminals, with nearly one in ten resulting in money being stolen. There is no reason to believe that these same statistics do not hold true for the US.
How to detect the Friday Afternoon Fraud or similar e-mail modification scams:
Law Firms, accounting Firms and title agencies that hold large sums of client money are at the most risk. Even for those who do not hold large amounts of client money, it is worth considering this risk. Many supplier frauds and phishing efforts also seek to redirect funds. The following steps that help against Friday Afternoon Fraud will also work against these scams.
Basic Steps:
1. confirm client and third party payment details, for example sending $1.00 to the account details provided and confirming it has been received
2. provide information to clients confirming they will never be asked by you to send money to a different account than that given
3. be suspicious of requests to change payment details, in particular those sent by email with high urgency, and confirm them with the client on a known telephone number
4. confirm that money sent details provided by a third party lawyer is genuinely going to the party intended
These are not the only steps that can be taken but it is a good start. It is worth noting that most of the cybercrimes started with attacking individuals and not systems. Ongoing training of staff is essential. Just click on Solicitors Regulation Authority to read the complete report.
Lastly, too many law firms, accounting firms and title agencies still do not carry cyber liability/data breach insurance and crime insurance. Many of these exposures are not covered by your Errors & Omissions coverage. These policies continue to be an economical way to protect a firm’s assets.