Cyber crooks target legal firms in 'Friday afternoon fraud' con
Cyber-attackers are hacking the email accounts of a small number of solicitors acting for home-buyers in a bid to steal tens of thousands of euro, the Law Society has confirmed.
The scam, dubbed the "Friday Afternoon Fraud" and known to take several different forms, generally happens when hackers intercept emails between home-buyers or sellers and their solicitors.
The practice sees hackers generate lookalike email communications, allowing them to pose as the solicitors involved.
During the final stages of a house sale, the hackers send an email to the parties involved telling them that certain bank account details have changed.
They try to tell the sellers or buyers to send an amount of funds to a different account as opposed to the solicitor's account, allowing criminals to gain control of the funds.
A solicitor may also receive a call from a person claiming to be involved in the bank's anti-fraud team, asking for account details and passwords.
They then may be told that the amounts from their clients need to be transferred to another account, thereby allowing criminals access to the funds.
The amounts vary - they could be a deposit for a home or perhaps the proceeds of a sale.
The Law Society confirmed that a number of Irish-based firms have been targeted.
The scam tends to take place on a Friday afternoon, when the hackers believe a large amount of funds are in solicitors' business accounts.
The conveyancing scam is currently the number one cyber- crime in the UK legal sector.
However, it has now been confirmed that Irish-based legal firms are also being targeted.
In a statement, the Law Society said it believed the number of firms targeted here was small, and the prevalence of such activity was not known because "exact statistics are not available".
In a bid to "protect solicitors against these frauds", the society has launched a new cyber-security section on its website that advises members on how to protect themselves.
Rory O'Neill, an investigating accountant with the society, says the continued integration of technology has "significantly increased the risk" of attacks.
He cited cases in which "external emails" between solicitors and their client had been intercepted and read by criminals.
"When a genuine email is sent with bank account details enclosed, the fraudster intercepts and amends the details of the bank account," he said.
"This amended email is then forwarded to the appropriate recipient from the spoofed email account."
If the recipients "act on the emails", the money will be transferred to the fraudulent accounts.
A report published last Nov- ember by accountancy and consulting firm Smith & Williamson showed three law firms out of every 10 have been subject to a cyber-attack in the past 12 months.
Thirty-eight per cent of the country's top 20 firms have been the target of an attack.