A budding cybercrime dubbed ‘CEO fraud’ is posing an increasing threat to solicitors and law firms, according to BBC Radio 4.
The scam, which involves criminals posing as senior CEOs and company directors, sees junior solicitors hit with spam emails seemingly from a senior manager, with the sender’s address only slightly different from the firm’s proper domain.
The emails typically request a business payment or bank transfer and fraudsters tend to use publicly available corporate data from business social media, such as names and titles of officials, to make the emails as convincing as possible.
CEO fraud-related losses in the UK tallied up to £126m last year, according to police figures made public as part of Radio 4 show, You & Yours.
Experts believe that staff are unlikely to question instructions claiming to come from CEOs or high-ranking officials – and it’s this psychological manipulation – often accompanied by a sense of urgency – which has been a major factor in CEO fraud’s success.
The Solicitors Regulation Authority (SRA) has subsequently spoken up, urging law firms to be aware of the scam and take all necessary precautions to avoid falling victim.
The SRA has highlighted the scam on several occasions at ongoing cybercrime presentations.
Action Fraud, the City of London Police’s fraud subsidiary, warned in February that there had been a serious rise in the incidence of CEO fraud, with one global company claiming to have lost £18.5m to the scam.
“Junior people in very large organisations need to feel comfortable to ask the question of someone senior whether or not this is a real transaction,” said Commander Chris Greany from City of London Police.
An SRA spokesman added: “It is important that law firms make sure they have appropriate processes and systems to protect themselves – and their client’s money and information – from these sort of crimes.”