Coronavirus (COVID-19): Cybersecurity, fraud prevention and lawtech

Overview

The coronavirus (COVID-19) pandemic has changed the way that legal services are delivered. These changes have presented an opportunity for cyber-criminals and fraudsters.

The Department for Business, Energy and Industrial Strategy has flagged scams related to the business support measures that are currently available from the government.

We're supporting solicitors and law firms to:

  • prevent fraud and scams and help their clients to stay cyber-safe
  • safely deliver legal services online
  • run their organisations effectively by using legal technology

Preventing fraud and scams

Recognising scams

Fraudsters are taking advantage of the measures announced by the government to support people and businesses affected by coronavirus.

For example, scammers may text, email or phone taxpayers pretending to offer financial support or tax refunds, or demanding payment of tax that they claim is owed.

We've partnered with the Fraud Advisory Panel which helps people and organisations to protect themselves against fraud. The latest insight suggests that these are the most common forms of COVID related fraud which are relevant for legal services:

Cyber risks for businesses

  • Business impersonation – particularly requests for employees to update their bank details
  • Fraudsters posing as legitimate companies and applying for stimulus funding in their name
  • Phishing emails and letters (including for Zoom and Microsoft 365)
  • A new remote access code execution vulnerability affecting Microsoft Sharepoint – the National Cyber Security Centre (NCSC) has seen extensive and successful exploitation of other Sharepoint vulnerabilities by highly capable actors. System owners should take remediation action

Cyber and fraud risks for consumers

  • Phishing emails and letters (including for Zoom and Microsoft 365)
  • Fraudulent coronavirus insurance adverts
  • Fake fines claiming individuals have broken lockdown rules
  • Fraudulent pre-paid funeral plans

Financial cyber risks

  • Companies making fraudulent stimulus funding applications
  • Former employees and company directors applying for loans
  • Fraudsters using social media to target individuals with poor credit history to obtain their bank details to use as mule accounts for stimulus funding applications

Impersonation of government services

  • Fraudsters applying for government stimulus funding in the name of legitimate companies – those companies only finding out when they try to submit an application for stimulus funding

Anticipated/emerging issues

  • Dating and romance fraud is an area of focus and a new taskforce will be targeting the perpetrators
  • Impersonation scams, where fraudsters impersonate the police, a government department, bank or other trusted organisation, have been increasing and are expected to continue to rise
  • Continued rise of suspicious emails being received by individuals and businesses

Reporting scams

The government has published guidance on how to avoid and report scams.

Suspicious emails can be forwarded to report@phishing.gov.uk.

Suspicious text messages can be forwarded to 7726.

Forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk or texts to 60599.

Report a fraudulent advert through the Advertising Standards Agency online tool.

If you think you’ve fallen victim to a scam:

Read our guidance on what to do after a cyber attack

Read our practice note on protecting your firm if you fall victim to a scam

This practice note sets out the legal and regulatory requirements applying when a firm’s client account falls victim to scammers, and has advice on overcoming problems which might otherwise lead to the failure and closure of your firm.

Safely delivering legal services online

We’ve published resources to help members in delivering legal services:

Comprehensive threat analysis and guidance about malicious cyberattacks and actors is available from the National Cyber Security Centre (NCSC). We recommend that you monitor the NCSC website regularly for the latest information.

Sign up to our cybersecurity and GDPR news digest to receive cybersecurity news relevant to the legal sector.

Using lawtech to run your organisation effectively

Read our updated practice note on lawtech in legal services for updated advice on the use of lawtech in their practice.

Those new to considering the use of lawtech products and services may find our Introduction to lawtech guide helpful in considering the merits of technology in their practice.

Support from our partners

We’re working with partners that are offering lawtech products and services that could help in running your firm during the coronavirus pandemic.

Find out more about support and offers from partners

As part of the City of London Corporation’s continued efforts to showcase the UK’s lawtech ecosystem, they've created a global lawtech hub.

View all our information and guidance on lawtech

Maximise your Law Society membership with My LS