The 'Friday Afternoon' Scam
The ‘Friday Afternoon’ Scam
The latest scourge of the cyber-crime variety is becoming known as the ‘Friday Afternoon’ scam. It sounds rather like an intriguing French film, but alas is considerably less entertaining - and it’s something all law firms should look out for in the coming months.
It was reported in the Gazette recently that over the past months at least three firms have lost a total of £2.5 million between them, having been targeted by ‘vishing’, a particularly insidious type of cyber fraud. It’s become increasingly associated with attacks on Friday afternoons, since fraudsters are aware that conveyancing firms in particularly have decidedly full coffers at that time of the week
‘Vishing’ is conducted by phone call, when fraudsters phone employees at law firms, posing as representatives from their banks. The criminals are able to offer convincing amounts of information about the firm and its business, often having undertaken a considerable amount of research beforehand whether by hacking into systems or merely trawling social media and business network sites. Callers are frequently so plausible, and apparently so well-equipped with information, that even typically fairly savvy employees are tricked into revealing highly confidential, and highly compromising, information.
Law firms should be aware that cyber crime continues to be a steadily growing threat, and one that is deeply of concern to the authorities. Last year the City of London Police Commission declared that cyber criminals represented a problem that was ‘bigger than the drug trade’. And law firms are far from alone in being victims: there has been a considerable increase in cyber crime right across the UK, and with all business sectors falling foul.
It would seem, though, that law firms have some way to go before they can claim to being fully on top of their cyber security game. The Information Commissioner’s Office (ICO) investigating some 173 law firms for data breaches in 2014, and reported that legal data breaches were the fourth most frequent of any sector.
What’s to be done, when cyber criminals seem always one step ahead of attempts law firms make to guard against attack? Keeping up to speed with the latest forms of attack is crucial. ‘Ransomware attacks’ - in which firms’ data is encrypted so as to be useless to the firm, and only released on payment of a ransom – is a key trend, as is sing information gained from hacking or from social media to pose as law firm to clients, in order to extract money from clients. There’s increasingly a link between cyber crime, and fraudsters able to act as bogus law firms in order to steal from clients.
As a first step, firms should ensure they are fully aware of advice and cautions offered by the regulator on how to ensure they are equipped to combat the threat of cyber crime. It’s estimated that up to 80 percent of cyber attacks can be prevented by the implementation of simple guidance, and it’s well worth looking at that SRA’s paper Spiders in the web: The risks of online crime to legal businesses
Firms should also ensure that any third party partners are absolutely ahead of the curve when it comes to cyber security – not least when working with litigation support partners such as Legastat. At Legastat, we ensure that the services we offer our clients, from eDisclosure and eDiscovery to creating digital bundles and advising on all aspects of legal tech, treat cyber security as a top priority, to protect our clients – and their clients.