Tag Archive for: avoid email

Insecure email communication still causing huge losses through fraud

/in , , , ,

Recent news has highlighted once again the risks caused by using insecure email communication to transfer confidential information, as this article shows.

The effect of online theft is clearly devastating for those that have had their money stolen – in many cases these losses represent life savings and cannot be recovered. Criminals posing as conveyancing solicitors, or alternatively hacking into private email accounts and falsifying bank account details so that the conveyancer transfers the proceeds from the sale of a property into a criminal’s account have become much more frequent in recent years.

To allow conveyancers to be confident that they are transferring funds into the correct account, Safe4 are offering the use of their highly secure information transfer service, into which clients or indeed any other party can enter bank details directly into designated fields. This completely eliminates the risks posed by using insecure email communication to transfer this information. It is not only email that is insecure – hard copy post and voice communication also carry risks of their own.

Safe4 are also working with other organisations that have to transfer funds into a client account at the completion of a transaction. These include art galleries, auction houses, and others who may be selling assets on a client’s behalf.

In addition to the storage of all data in UK-only data centres accredited to ISO 27001, Safe4 have just completed another penetration test carried by an independent UK Government accredited agency. Again this has confirmed the high levels of security offered by using Safe4 as the means of transferring confidential information between parties that are involved in high-value transactions. Compliance with the SRA guidelines for cloud computing gives conveyancers additional confidence that information is being transferred between parties with minimum risk.

For more information on how Safe4 can help your organisation to improve the protection of clients’ money, please contact us.

Safe4 Use-Case Paper: Secure Property Conveyancing

/in , ,

The Safe4 secure information delivery and storage service has been in use by law firms since 2010, but hitherto primarily in support of corporate and commercial property transactions. The introduction of the Safe4 Asset Register in May 2017 has brought new levels of functionality to the system, some of which can be applied to the process of secure property conveyancing.

How can law firms offer their clients better protection of their confidential information?

It is estimated that at least 70% of law firms in the UK use open email systems to transfer confidential information between external parties. This covers a very large number of information types in a variety of departmental activities. Residential property conveyancing, however, is one area where the use of insecure methods of information transfer has been exposed as a primary target for criminal activity.

When a lawyer is engaged by a client to handle the legal aspects associated with selling their home, the final act in the process is for the lawyer to transfer the sale proceeds from their firm’s client account to the client’s bank account. In most cases this is a simple process that is carried out without difficulty, but in recent years there has been an alarming increase in the level of criminal interception of email. It is common for the lawyer to request the client to provide the details of their bank account by email, by telephone, or by filling in a paper form and sending it back to the lawyer. All of these methods of delivery are potentially insecure, but there is mounting evidence that interception of emails and fraudulent alteration of the target bank details has become a major problem.

Impact on Professional Indemnity Insurance premiums

The existence of the problem has been recognised by the providers of professional indemnity insurance for law firms. Premiums are starting to increase steeply for those firms who use the traditional insecure means of obtaining clients’ bank account details.

Secure Property Conveyancing

The Safe4 Asset Register allows this risk to be eliminated. By opening a secure vault for each property transaction, and creating data fields into which basic bank account information – account number, sort code – can be entered directly by the client, the lawyer can offer the client a higher level of protection than has hitherto been possible.

After the client has entered their bank details, the conveyancer will receive an email automatically generated by Safe4 confirming that the information is available. After logging in, the information can then be transferred safely into the internal systems used for handling client payments. There is of course the standard Safe4 audit trail facility associated with all activity, providing a strong evidential record of everything that has been done during the transaction.

If the Safe4 Application Programming Interface (API) is used, the bank account details can be transferred completely automatically into the law firm’s practice management or accounting systems, thus improving security and efficiency further.

UK Hosting

Because all Safe4 data is hosted in the UK in ISO 27001-accredited data centres, the professional practitioner can also take advantage of Solicitors Regulation Authority compliance. All of the activities of Safe4 are conducted under the law of England and Wales.

Safe4 Information Management have partnered with VaultConnect to offer best-in-class security for the systems that handle the transfer of confidential information between the professional practitioner and the client. This collaboration is now benefiting law firms throughout the United Kingdom, who are able to gain the advantage of the security of the Safe4 platform with the expertise and experience of the VaultConnect team.

More concern over the use of public email

/in , ,

Interference with personal email accounts has become a major source of fraud in the UK. Take a look at this alarming article. However, more than 70% of UK law firms are still communicating with clients via their clients’ personal email accounts, in many cases to carry highly confidential information such as bank account details when executing conveyancing transactions. Repeatedly, criminals are intercepting email messages to fraudulently change bank details, resulting in money being transferred to the wrong account – and innocent lives being ruined.

The Safe4 Asset Register has been designed to eliminate the risk of fraudulent interception of email. It allows clients to enter their banking information directly into one of the most secure sites on the Internet, and automatically notifies the conveyancer that the information has been provided. The lawyer can then login and obtain the information, whilst audit trails are recording all of the details.

Not only does the Safe4 Asset Register eliminate a risk of major financial loss and severe reputational damage, but it enhances compliance with the SRA guidance on the use of cloud computing services. Furthermore, leading brokers in the Professional Indemnity sector believe that using facilities such as that offered by Safe4 will significantly slow down the recent dramatic rises in premiums.

Please contact us. We can help you to improve compliance and reduce risk.

Email phishing scams increasing rapidly – what is the answer?

/in , ,

Almost everyone who has an email account will have received large numbers of unsolicited emails from an unknown sender requesting that the recipient “click here” to gain access to a website or service that offers something of interest or value. Some of these are laughably inept, and are so obviously scams that they can be deleted immediately. However, an increasing number are from criminals who purport to represent a reputable and trusted party, often cleverly formatted in a way that makes it very difficult to differentiate between the scam and the real thing.

In 2015, the last full year for which there is appropriate data, instances of phishing emails of this type rose by 21% in the UK, as reported in the media by Silicon.  As the article suggests, the organisations that have been falsely represented most often in the UK are BT, Apple and HMRC. The Apple emails in particular are very realistic. Clicking the link as requested will normally result in ransomware or some other form of malware being downloaded on to the recipient’s computer, leading to problems that can be very damaging and difficult to deal with.

Increasingly the criminals have turned their attention to banks and their clients, and social media services such as LinkedIn. Safe4 have recently worked with Investec, one of the financial sector’s most respected specialist banking and asset management service providers, to offer solutions to this ever-worsening problem. This involves using the Safe4 service to create a highly secure vault, into which clients can place their own important documents, and which can also be used as a means of distributing bank-generated documents to clients. It will thus become possible to inform clients that if any unsolicited email is received bearing the bank’s branding, it should be deleted immediately.

Investec, headquartered in Johannesburg, South Africa, also have a substantial presence in the UK and in other locations internationally. The Safe4 integration project was carried by the Investec Digital team in Johannesburg, who worked closely with the Safe4 developers in the UK and South Africa. Investec are no strangers to innovation, and are constantly seeking ways to improve their clients’ banking experience, and importantly to increase the level of protection offered to clients.

Safe4 offers a highly secure facility for distributing documents to any recipient outside the sender’s own IT domain. Using UK-located data centres only, accredited to the ISO 27001 international security standard, Safe4 has been independently ranked among the 0.8% most secure site on the internet, out of millions tested.

Contact us for more information on the Safe4 service, and for ideas on how using Safe4 can enhance the security of your communication with the outside world.

Personal email systems still being used to carry confidential information

/in , ,

It is no major surprise to learn that a major email service provider has been hacked – again – and that millions of people have had their personal information exposed to criminals. This is highlighted in an interesting article in The Times, published today.

What is still very unfortunate, however, is that a large number of professional practitioners in the UK are still failing to acknowledge that email is the leading source of computer crime and online fraud. Time and again personal financial information is being passed between lawyers and their clients, in residential property transactions for example, using the client’s personal email account. Repeated examples of these emails being hacked and bank account details being changed have not deterred some high-profile UK law firms from continuing this practice, irrespective of severe financial losses being experienced by their clients.

Also worrying is that it is common practice in some firms for lawyers and others to send confidential documents to their own private email accounts so that they can be worked on outside business hours or away from the office.

The Safe4 service was launched in 2010 to offer a highly secure alternative to email, not just for document transfer, but also for medium-term or permanent management of information. Based on UK-only storage in data centres that are accredited to the ISO 27001 international security standard, Safe4 offer a service that complies with the Solicitors Regulation Authority guidance on the use of cloud computing. Accessible at any time, from anywhere, it eliminates the need to trust confidential information to high-risk systems.

For more information on how Safe4 can assist your firm to minimise the risk of information loss or interception, please contact us.