Strike home: The growing cyber threats in your house

Sophisticated cyber stings are no longer focused on businesses – many of us are now being targeted at home, making us all the more vulnerable as we work remotely. Our partner Hiscox explains.

We live in a digital world – thankfully so, as the internet has made our lives much easier during lockdown. But that also means we’ve never been more at risk online. We’re now more likely to have our personal data stolen than our belongings – more than double the number of cases of computer misuse were reported in the year to March than domestic burglaries, according to government figures.

Nearly 4 million cases of fraud were reported in the year to June 2019, most of which (2.7 million) involved bank and credit account fraud, up 17% on the same period the previous year.

Smart devices are now commonplace in our homes, but these devices store our personal information and are vulnerable to being hacked just like our smartphone or computer. Fears about their security reached such a level that in February, the National Cyber Security Centre, the UK’s digital defence force, issued guidelines on how to set these devices up to keep your home and information safe.

Am I at risk?

People often ask why would I be targeted? The question should instead be why wouldn’t I be?

Here’s a quick quiz:

  • Do you have a smartphone, tablet, PC, or laptop?
  • Do you or your family regularly use the internet?
  • Do you have a social media account?
  • Do you shop or bank online?

If you’ve answered yes to any of those, then you’re potentially at risk of cyber fraud, your personal information being lost or misused, or your identity being stolen.

Cybercrime is a multi-billion-pound industry in which the rewards far outweigh the risk, because it’s easy to send out phishing emails to vast numbers of potential targets. In 2017, over a million people fell victim to a sophisticated Gmail phishing attack, which took control of their entire email histories and which then sent the ‘worm’, causing the havoc to all of their contacts.

A potent ever-changing threat

As solicitors, you will be aware that ‘Friday afternoon fraud’ has reached epidemic proportions in the conveyancing sector. But you might not realise that you’re vulnerable to these scams even if you’re not buying a house.

Hackers can break into your emails through weak spots such as Internet of Things (IoT) household devices connected to your home routers. They monitor your email exchanges and, if you’re involved in negotiating a big purchase, then just as you’re about to part with the money, will try to trick you into sending them the money instead by emailing you pretending to be the person you’ve been in contact with.

There have been recent cases of high-powered professionals who’ve been duped into transferring thousands of pounds into the bank accounts of fraudsters who’ve impersonated their art dealers, builders, party planners and the like. An Italian football club was even conned into diverting a €2 million transfer fee into a fraudster’s account. Often, you won’t know you’ve been conned until you’re contacted by the genuine person asking why you haven’t sent them the money.

Even those who are very tech savvy get taken in. Phishing attacks are now so sophisticated they are virtually indistinguishable from the real thing – so much so, that even experts struggle to spot them.

Fraudsters are already using the COVID-19 pandemic to try to dupe people into sending them their money or banking details. The number of coronavirus-related phishing emails has skyrocketed, according to an IT security firm. The scams range from fundraising emails from fake charities supposedly combating the spread of the virus, to ‘smishing’, in which fraudsters are sending people text messages purporting to be from banks or government departments offering payments or issuing fines.

If you use social media, then you could be left red-faced if one of your accounts is taken over by hackers. Once they have broken into your account, they post inflammatory pictures and posts or spread viruses or malware that could leave your reputation, and that of your law firm, in tatters. It happened to the Metropolitan Police, so it could happen to you. The Met’s official Twitter account was taken over in July 2019 and a stream of offensive messages were sent from it, causing acute embarrassment.

You’re especially vulnerable if you recycle passwords, as hackers can use one of your usernames and passwords that have been blown in another data breach – hackers will often dump hundreds of thousands of people’s personal data on the Dark Web – to break into your other accounts.

Banking grey area

A lot of people think their bank will automatically reimburse them if they lose money through a cyber fraud. Often it will, but it isn’t guaranteed. There is a grey area in the May 2019 code of conduct signed up to by many banks, which states you might not get a full refund, or any refund at all, if the bank deems that you were at least partly to blame for being duped into transferring the money. So, it’s unclear whether your money will be refunded if you fall victim to an email scam in which you’re duped into sending money to the wrong account by an impersonator.

It pays to keep protected

To fuel the multi-billion-pound cybercrime industry, there are plenty of methods unscrupulous individuals (or collectives) deploy, with their eyes on ‘low-hanging fruit’ and easy-to-secure cash. It’s why having a robust set of security practices is essential, such as strong passwords that are updated periodically and not reused across different accounts.

Hiscox offers Personal Cyber Insurance as an addition to its award-winning 606 high-net-worth home insurance, including cover against hackers, social engineering, cyber theft and extortion, plus media liability in case your social media accounts are taken over.

Hiscox customers get added peace of mind from having cyber security consultant DynaRisk’s Ultimate protection, which can advise you on how to protect your ‘digital footprint’ by helping you to secure your home routers, email inboxes and personal devices and will help you if you think you’ve been compromised.

Hiscox is a Law Society partner and now provides personal cyber insurance, as an addition to your current home insurance policy. It's designed to support and protect your practice in the event of a data breach or malicious hack of computer systems.

Find out more about their insurance or call 0800 840 2781. Law Society members save 12.5%.