Types of fraud

There are many different ways fraudsters can commit financial fraud. Online methods such as phishing and malware can give criminals access to passwords and account numbers while social engineering can allow them to impersonate individuals. Below, we look at some of the most common types of fraud, explaining what they mean and how you and your business can avoid becoming a victim.

Business Fraud

Business owners and managers in legal businesses may be more aware than some that they are at risk, but do you and all your colleagues know the main ways businesses are targeted by fraudsters? Read below about the main types of business fraud and how to protect yourself.

Home buying scams

Learn below how to avoid scams if you are buying a home.

Cybercrime

Most businesses have an online presence and all use technology to communicate. Criminals continue to develop techniques to exploit weaknesses in computer systems. They can also trick staff into downloading malicious software or releasing customer information. Understanding how to protect your business from this threat is essential.

The CLC’s Code of Conduct is outcomes-focused, and one of the outcomes all CLC Lawyers must deliver is that Client money is kept separately and safely. Use this toolkit to understand what some of the risks are and how you can protect your business and your clients.

Secure badge

To protect the public, the websites of all CLC regulated practices must carry a compulsory secure badge to reduce the risk of impersonation through cloned or copied websites and help identify fake firms that claim to be regulated by the CLC.

If you have any doubt, click on the badge on a CLC Regulated Practice's website to see information about the firm.


Ransomware

National Cyber Security Centre recommendations to protect against ransomware.

Sign up to the NCSC Early Warning Service

This service is free and uses a range of information feeds to notify organisations of cyber incidents, malicious activity and web-based vulnerabilities on their public-facing domains and IP ranges. It ensures that NCSC can contact organisations quickly in case of an incident. You can sign up here.

Read this guidance on mitigating malware and ransomware

The NCSC urges all organisations to follow its guidance on mitigating malware and ransomware. It details a number of steps organisations can take to disrupt ransomware attack vectors and enable effective recovery from ransomware attacks. This may be a significant undertaking, so we have listed some quick, initial steps below.

Back up your key data

What would you do if your business files were lost to ransomware? To get back up and running, we recommend keeping offline backups, which enable quick restoration of business functions. In addition to encrypting files on your computers, ransomware attackers will often attempt to corrupt or alter existing backups. Offline backups are your best defence: encrypted devices can be wiped and restored from them.

Offline backups (cloud or disconnected physical media) are backups where the data is protected from accidental or malicious deletion. They should also offer version retrieval, so that if ransomware removes access to files, you can recover them from a previous version. For more information, read the NCSC blog on backups.

Sign up for Exercise in a Box

We recommend signing up for the NCSC’s free exercising tool. Have a look in particular at the ransomware and supply chain exercises.

Disable Remote Desktop Protocol (RDP) - where possible...

RDP account compromise is the source of 50% of ransomware attacks. Where possible we suggest you turn it off. To do that, you first need to know whether you have it. NCSC’s Early Warning service will help you find out, and provides many other benefits. If you identify RDP and didn't know it was on, turn it off.

If you have to use RDP, we recommend using multi-factor authentication and following this guidance. Also follow the principles of privileged access management.

Make sure that the accounts that are allowed to use it have unique passwords - try #3randomwords.
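
One way to find out whether RDP is switched on for a single Windows computer, and to turn it off, is shown below. This is an added example, not part of the NCSC or CLC guidance; the `-Disable` switch is the script's own, and it assumes an elevated PowerShell prompt on an English-language Windows installation (the firewall group and local group names are localised).

```powershell
# Added example: audit (and optionally disable) RDP on the local Windows machine.
# Run from an elevated PowerShell prompt. -Disable is this script's own switch.
param([switch]$Disable)

$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

# fDenyTSConnections = 0 means incoming RDP connections are allowed.
$deny = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
$port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
# UserAuthentication = 1 means Network Level Authentication is required.
$nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication

# Is anything actually listening on the configured RDP port?
$listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)

# Enabled inbound rules in the built-in firewall group
# ('Remote Desktop' is the English display name; assumption for this example).
$fwRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

# Accounts allowed to log on over RDP in addition to local administrators.
# Each of these should have a unique password and, ideally, multi-factor authentication.
$users = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Name)

[pscustomobject]@{
    Computer           = $env:COMPUTERNAME
    RdpEnabled         = ($deny -eq 0)
    Port               = $port
    Listening          = $listening
    NlaRequired        = ($nla -eq 1)
    FirewallRulesOpen  = $fwRules.Count
    RemoteDesktopUsers = $users -join ', '
} | Format-List

# Only change anything when explicitly asked to, and only if RDP is currently on.
if ($Disable -and $deny -eq 0) {
    Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Output 'RDP disabled and its firewall rules closed.'
}
```

Run it without arguments to report only; if `RdpEnabled` is true on a machine where nobody needs remote access, run it again with `-Disable`.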
