What is Friday afternoon fraud and how can legal firms prevent it?

Friday afternoon fraud is the most common form of fraud in the legal sector and incidents are on the rise. According to the Solicitors Regulation Authority (SRA), end-of-week scamming makes up 75% of cybercrime reports.

Usually acting on the busiest day of the week, Friday, and typically targeting people during mortgage transactions, criminals hack into the email chains of clients or providers, taking advantage of unencrypted email in transit. Hackers then engineer a diversion of a payment to their bank accounts, using the weekend and three-day transfer time to escape with the money. When successful, little that can be done for those affected. 

Buying a house is a complicated process, with multiple parties working together to ensure as pain-free a transaction as possible. However, Friday afternoon fraud scams are difficult to spot and devastating for those involved. Due to the huge financial and personal repercussions, these incidents often hit the headlines with victims losing tens of thousands of pounds. To make matters worse, incidents often result in legal battles between firms and their clients.

So what can firms do to protect themselves and their clients from end-of-week scamming?  

Five ways to avoid Friday afternoon fraud

There are a number of ways firms can avoid falling foul of this common scam: 

1. Protect financial details in email: Perhaps the easiest way of preventing Friday afternoon fraud is to never share financial information (including bank account details) by email. However, as email remains king for the legal sector, this is easier said than done. 

Enhancing your email client with advanced encryption protects data in transit and at rest. In addition, applying two factor authentication to emails ensures only the appropriate recipient can access emails and attachments. Simply put, email alone does not provide the required levels of security to protect sensitive data. Strengthening M365, Outlook, or Gmail with additional security features enables employees to continue emailing clients effortlessly, with the confidence that data is protected.

2. Keep an eye out for changes in bank account details: If a bank account is less than one year old, it is up to the solicitor to assess the risk. It may be that there is a reason that an account is less than 12 months old (for example, perhaps the sellers are separating). It is up to the solicitor to determine whether the reason is legitimate.  

3. Prevent common human errors in email: According to the ICO, over 75% of data incidents reported since 2019 were due to non-cyber related issues - that meaning, human error. Three causes come out on top: failure to redact sensitive data before sharing, misuse of Bcc, and data sent to the wrong person. 

Working under tremendous amounts of pressure, it is no surprise that mistakes occur. Rather than blaming people, it is time to turn our attention to the tools we rely on every day. As previously stated, email remains a key tool and one of the biggest risk vectors. By enhancing existing email clients with human error prevention tools, solicitors can work efficiently and securely, with in-the-moment notifications to potential errors. In this way, users can take action before mistakes happen, such as auto-fill mistakes to ensure they have the correct recipient in the ‘to’ field, or revoking sensitive data from files before sending. 

4. Communicate with clients: While Friday afternoon fraud is likely a familiar subject to you, your clients may not be aware of the risks. With this in mind, it is good practice to explain the actions your firm takes to protect sensitive data, including the requirements for them, such as use of 2FA or Time-Based One-Time Password (TOTP), agreed with clients for an agreed period of time during the onboarding process.

5. Enhance your tech with advanced security: Fridays are often the busiest day for firms, with the majority of property conveyancing transactions taking place on Friday afternoons. Time-strapped people don’t have the time to complete security training - that’s why the tools we rely on everyday should be trusted to provide the required levels of security to ensure compliance with data protection legislation, and prevent unauthorized access to sensitive information. Multi-factor authentication, encrypted file sharing, and automated security protocols can cover human complacency. After all, we’re all human, and tech should do the hard work for us.

How can Zivver support your firm?

Zivver’s Secure Email utilizes machine learning powered business rules, tailored to the specific needs of your organization, to read the body and attachments of email and notify users to the presence of sensitive data, such as bank account details and other personally identifiable information.

With a complete reporting suite, users have access to legally verifiable proof of delivery statuses of emails sent, received and opened. In addition, our zero-access encryption technology means we don’t keep encryption keys - so when we say secure, we really mean it. 

To learn more about how Zivver supports email security for legal sector organizations, speak with one of our experts.