Coronavirus (COVID-19): Cybersecurity, fraud prevention and lawtech

Overview

The current lockdown has changed the way legal services are delivered. These changes have presented an opportunity for cyber-criminals and fraudsters.

The Home Secretary has reported that cases of fraud and scams have increased significantly since lockdown.

The Department for Business, Energy and Industrial Strategy has flagged scams related to the business support measures that are currently available from the government.

We're supporting solicitors and law firms to:

  • prevent fraud and scams and help their clients to stay cyber-safe
  • safely deliver legal services online
  • run their organisations effectively by using legal technology

Preventing fraud and scams

Recognising scams

Fraudsters are taking advantage of the measures announced by the government to support people and businesses affected by coronavirus. For example, scammers may text, email or phone taxpayers pretending to offer financial support or tax refunds, or demanding payment of tax that they claim is owed.

We've partnered with the Fraud Advisory Panel which helps people and organisations to protect themselves against fraud. The latest insight suggests that these are the most common forms of COVID related fraud which are relevant for legal services:

Cyber Risks for Businesses

  • Invoice fraud
  • Synthetic IDs are being used in payroll frauds
  • Business email compromise
  • Changes in business purposes and type of good sold (to PPE, face masks etc)
  • Payment diversion fraud using COVID-19 as a reason for changing bank details, for example, corporate restructuring
  • Fake standing orders being set up from clients’ accounts and bank account takeover fraud

Impersonation of Government Services

  • Fake COVID-19 contact tracing apps
  • Impersonating NHS test and trace service
    • Fake emails and text messaging requesting personal details
    • Misuse of services to cause business disruption
  • Fraudulent applications:
    • Fraudsters using open source data to apply for stimulus funding on behalf of legitimate businesses
    • bounce back loans, universal credit, government stimulus grants
    • to file fraudulent unemployment claims using stolen personal information by international parties
  • Impersonation of Government departments (especially NHS IDs and Medical Supply Services)
  • Phishing emails:
    • impersonating online communications platforms
    • (esp. Office 365, HMRC, Debt management companies and PPE)
    • HMRC (Tax refunds, online applications for grants and government gateways)

Anticipated/Emerging issues

  • Phishing emails exploiting recent data breaches
  • Resurrection of a malware banking trojan which victims are exposed to via emails claiming to offer financial relief
  • Heightened risk of insiders, professional enablers and OCGs involved in fraud
  • Increase in Tenancy and Conveyancing fraud
    • There are concerns in the current crisis that fraudsters could begin to inflate property prices to gain access to finance

See the government’s guidance:

Read our guidance on how to identify a cyber attack

Reporting scams

The government has published guidance on how to avoid and report scams.

Forward suspicious emails claiming to be from HMRC to phishing@hmrc.gov.uk, or texts to 60599.

If you think you’ve fallen victim to a scam:

Read our guidance on what to do after a cyber attack

Read our practice note on protecting your firm if you fall victim to a scam

This practice note sets out the legal and regulatory requirements applying when a firm’s client account falls victim to scammers, and has advice on overcoming problems which might otherwise lead to the failure and closure of your firm.

Reporting Coronavirus Job Retention Scheme fraud

The government has asked that individuals and employers play a role in making sure that the Coronavirus Job Retention Scheme is not abused, as fraudulent claims take money from the NHS.

Fraud could include an employer:

  • claiming money from the scheme but not paying employees what they’re entitled to
  • asking employees to work while on furlough
  • making a backdated claim that includes times when employees were working

If you are concerned an employer is abusing the scheme you should report your concerns via the GOV.UK website.

Safely delivering legal services online

We’ve published resources to help members in delivering legal services:

Comprehensive threat analysis and guidance about malicious cyberattacks and actors is available from the National Cyber Security Centre (NCSC). We recommend that you monitor the NCSC website regularly for the latest information.

Sign up to our cybersecurity and GDPR news digest to receive cybersecurity news relevant to the legal sector.

Using lawtech to run your organisation effectively

Read our updated practice note on lawtech in legal services for updated advice on the use of lawtech in their practice.

Those new to considering the use of lawtech products and services may find our Introduction to lawtech guide helpful in considering the merits of technology in their practice.

Events

LawTechUK are running a series of topical debates.

The pandemic and subsequent global lockdown has prompted several fundamental questions. Do people really need to gather together in buildings to settle legal disputes? Are legal services meeting the needs of businesses and society in this digital age? Should we return to the old ways or is it time to change for good?

Legal Services after Covid-19: self interest or public interest? Is it time to change the way legal services are delivered?

Date: 14 July 2020, 1pm to 2pm BST

Location: Online

Panellists:

  • Rosemary Martin, General Counsel, Vodafone
  • Judy Perry Martinez, President, American Bar Association
  • Gina Miller, Co-Founder of SCM Direct and Campaigner
  • Jeroen Ouwehand, Global Senior Partner, Clifford Chance LLP

Register you place

Support from our partners

We’re working with partners that are offering lawtech products and services that could help in running your firm during the coronavirus pandemic. Find out more about support and offers from partners.

As part of the City of London Corporation’s continued efforts to showcase the UK’s lawtech ecosystem, they've created a new global LawTech hub.

View all our information and guidance on lawtech