• 01616 966 229
  • Request a callback
Stephensons Solicitors LLP Banner Image

News and Events

Law firms not being vigilant to cyber crime could be negligent

  • Posted
Data privacy in adoption proceedings... why are so many data controllers still getting it wrong?

Some very high profile claims against firms have recently highlighted not only the dangers of cyber crime in the legal industry today, but has also opened the door for clients effected by such crime, to have recourse against their solicitors.         

Various different types of ‘hacking’ or cyber crime scams have become prevalent over the past few years, mostly resulting from emails being hacked and payment details being altered without either the client’s or the solicitors’ knowledge. This can result in large sums of money, whether that be someone’s damages, inheritance from the administration of an estate, or the sale proceeds in a conveyancing transaction, to be sent to the fraudster. The recipient account is usually very quickly emptied and closed, and the fraudster often disappears without a trace, leaving the firm, the client, and the police, with little they can do to get it back. 

These scams have been called ‘Friday Afternoon’ fraud, as they commonly take place on Fridays, when the majority of conveyancing completions take place, and allowing the fraudsters time over the weekend to move the money, before anyone can realise and intervene.

The Law Society has, over the past couple of years, published guidance to firms in an attempt to ensure that they are made aware of the risks of cyber crime, and that they take all reasonable steps to avoid falling victim to such scams. This guidance, and heavily publicised warnings in the industry, now means that firms have very little excuse to not carry out the appropriate checks before money is sent to a third party. One of the very simple check is to ensure that no payment details are sent in the body of an email, and where they are, they are verbally confirmed with the recipient before the payment is sent.

Claims have not just been limited to email hacking however. Identity fraud is another form of fraud that is on the increase, and has been seen more commonly during conveyancing transactions where someone other than the legal owner of the property poses as the legal owner, and tries to sell the property without the owner’s consent or knowledge. The sale monies are sent to the fraudster before anyone is aware, and again, the fraudster then quickly disappears. 

City firm Mishcon De Reya has fallen victim to such a fraud when acting for a client, and the firm was found to be liable for ‘breach of trust’, rather than negligence or dishonesty, for failing to ensure that the seller’s solicitor had taken reasonable steps to verify the seller’s identity. It was reported by the Law Society Gazette that the firm were potentially facing a pay out of around £1m to the client in damages, though the firm is appealing the decision, and permission to appeal has been granted by the High Court.

Whatever the size of the firm, or however advanced their IT system may be, it has clearly been shown that all firms need to be vigilant in ensuring that they have the security checks in place to avoid the risk of losing client money, and that all members of staff are properly trained to check for potential risks. 

As a solicitor specialising in professional negligence claims, I have seen an increase in enquiries and claims against firms that have lost client money as a result of not carrying out these checks, and many clients are unaware of the responsibilities that firms now face, and the duty that they owe their client. If you find yourself in this very unfortunate position, you should contact us for specialist legal advice as a matter of urgency. We may even be able to offer a ‘no win no fee’ agreement for this type of claim.