Shieldpay stories

A look at the fraud threat landscape facing legal firms

Law firms are vulnerable to fraud. But not all practitioners are aware of the complexity of the challenge facing them.

Criminals have a talent for adaptation, and the techniques that they’re using to target law firms are becoming increasingly sophisticated. To avoid falling victim, firms should first seek to gain a solid grasp of the threat landscape.

In this blog post, we explore some of the methods that fraudsters are using, with some high-level guidance on how firms and their people can protect themselves.


Cybercrime used to be a fringe issue for law firms. Now it’s front and centre. 

A new study of 200 of the country’s biggest law firms found that - due to substandard IT security - more than 90% are exposed to being scammed or having clients’ confidential data stolen or compromised.

The estimated cost of a single data breach in the UK is £2.37 million, and in 2018 alone, over £11m was stolen by hackers from UK law firms. 

Whether stealing funds, data, or both, criminals are highly active in this area. Smaller firms in particular are vulnerable, as they often lack the resources to put in place robust technical infrastructure to protect against attacks.

The challenge posed by cyber-criminals can be addressed in two key ways –

  • through a comprehensive audit of IT security, with action taken to ensure that vulnerabilities are addressed;
  • via a progressive approach to education that focuses on training staff on how to identify potential threats and minimise risks.

Identity fraud

There were around 190,000 cases of identity fraud reported in the UK 2018., with legal firms increasingly being targeted.

Verifying the identity of clients is part of everyday life for solicitors undertaking “relevant business” as defined in the Money Laundering Regulations 2003. However, technological advances have enabled professional forgers and their clients to create documents that are virtually indistinguishable from the real thing.

Verifying clients’ identities is essential for firms, but is also time-consuming and adds costs to the bottom line. Firms should remain vigilant and continually update their identity verification systems and processes in order to protect themselves.

Probate fraud

According to the Society of Trust and Estate Practitioners, probate fraud costs around £150m a year. Cyber criminals have remorselessly targeted legal services in recent years.

The Solicitors Regulation Authority (SRA) issued 217 scam alerts in 2017/18 alone, leading to more and more firms facing expensive pay-outs and actions for negligence. 

It’s not just immoral family members who are responsible for diverting funds away from beneficiaries – organised criminals are getting in on the act, too. It’s therefore essential that lawyers perform comprehensive due diligence before sharing data or money in order to ensure that payments are made to the right person.

Sham litigation

Money launderers are increasingly targeting litigation solicitors with a simple yet highly effective strategy

Criminals instruct a firm to represent them in a dispute with another company, passing relevant compliance checks and making a large payment on account. Following the expected route for matters of this nature, the client then declares the matter has been settled, funds are returned - minus a nominal fee – and the reputable firm has, unwittingly, partaken in money laundering.

Incredibly hard to spot, the best way of preventing this type of fraud is for solicitors to report any suspicions – however minor – to their MLRO.

It’s a form of fraud which highlights the absolute necessity for firms to have robust money laundering policies and reporting processes in place. 

Concrete steps to protect the firm

These scenarios prove that legal professionals are not only at risk of becoming victims of crime, but also facilitating criminal acts by enabling fraudsters to leverage their operational infrastructure and credibility to perform illegal activities. 

With significant risks facing law firms, embracing new technology will be instrumental in mitigating the modern fraud risk. Shieldpay provides a service that alleviates the time and costs incurred for ID verification checks and holding funds in a neutral third-party account.

Supported by a robust approach to maintaining audit trails, both in documentation and how they’re stored, firms should find themselves in good shape should something go wrong and they face regulatory action.

Lastly, firms must invest in training their people to identify threats and take appropriate action. This shouldn’t be treated as a necessity only when staff are on-boarded to the firm. A continual process of learning that exists promotes a wider culture of personal development, accountability and alignment of interests. 


Trusted by law firms of all practice areas and sizes, and fully authorised and regulated by the FCA, Shieldpay can help you protect and secure client transactions. Find out more about the services we offer to law firms.


Want regular updates straight to your inbox?

Recent Posts