In the rapidly evolving digital landscape, both individuals and businesses are increasingly vulnerable to fraud. In UK Finance’s annual fraud report 2024 it was estimated that there were losses totalling £1.17 billion due to payment fraud in 2023 and so it remains a major threat to UK consumers.
At Hegarty, we recognise the importance of protecting our clients from these ever-present threats. When we are helping you with a legal matter there may be times when large sums of money are paid or moved, such as when buying a home, but there are also general transactions, such as paying your legal fees, which means that legal transactions are particularly vulnerable to being a target for fraudsters.
Here we highlight the various risks associated with fraud and offer valuable guidance to help our clients secure their personal and business transactions and assets during their legal matter. By understanding these risks and implementing effective preventive measures, together we can better protect you against potential fraud.
How might I be targeted during a legal transaction?
Sharing personal and financial information online or via email when making purchases or registering for services has become routine. Criminals are aware of this and often target personal data to deceive customers into making unauthorised payments or providing sufficient information to gain access to and control accounts.
Ways you may be targeted:
A change to bank details
One way clients are tricked into sending funds to fraudsters is by being sent alternative bank details asking for payment. The bank details may look like they are being sent by a company you are dealing with such as a solicitor, bank or agent notifying you of a change to their bank details or asking for an unexpected payment. However, you may in fact be being directed to make a payment into a bogus account set-up for the purposes of fraudulently obtaining funds.
At Hegarty our bank details are contained in our client care letter and invoices. Our bank details will not change. Please telephone us on our usual office number 01733 346 333 to verify bank details before sending us any money if you are at all unsure.
Should you receive any communication purporting to be from us with a change of bank details please immediately telephone us on our main office number.
Email Impersonation
Fraudsters can email using similar looking email addresses such as johnsmith@hegarty.net instead of john.smith@hegarty.co.uk, or by changing certain letters such as j0hn.smith@hagarty.co.uk or jon.smith@heggarty.co.uk. A fraudster may email with what appears to be a genuine email discussing your matter and then request payment to be made into a fraudulent bank account. Find out more about spotting a scam email.
Interception of emails
Hackers may intercept emails between individuals and their law firm using increasingly sophisticated attacks on email systems. The fraudster then requests payment to be made into a fraudulent bank account.
Phishing, vishing and smishing
Phishing, vishing and smishing often involve building a personal relationship with a victim and obtaining personal details usually resulting in the request for money to be paid into a fraudulent bank account. The difference between phishing, vishing and smishing is the medium used, phishing is via email, vishing via phone and smishing via text or SMS. A fraudster using email or telephone will attempt to obtain confidential information via a link or by replying to the communication.
Malware
A harmful software that disrupts, spies on, damages or attempts to gain unauthorised access to a computer . A particularly dangerous form, ransomware, encrypts files and demands a ransom in return for a decryption key.
What we are doing at Hegarty to protect you from risk
We know that scams are increasingly sophisticated and can take many forms. At Hegarty, we take cyber security very seriously and are vigilant for attempts to target staff and clients using fake emails, letters or phone calls.
To protect our staff, firm and clients from such scams we have robust IT systems and procedures in place including:
- Multiple layers of anti-virus and malware protection.
- Use of access controls such as multi factor authentication.
- Use of the latest IT systems with backups.
- Regular staff training on cyber security and data protection.
- Government backed Cyber Essentials certification.