The £250k Email: How Email Modification Fraud Is Targeting UK Solicitors


Wait… should I have pressed that?!

3 Minute Read

You're reviewing contracts over your morning coffee when an email pops up from a familiar client about an urgent property transaction. You click the attachment without thinking—after all, you've been handling their conveyancing for months. 

Within minutes, your entire email system is compromised, and £250,000 of client money is heading to a fraudster's account. 

Sound far-fetched? We've helped numerous businesses prevent this exact scenario. 


The Email Fraud Epidemic 

Email modification fraud accounts for 68% of all cyber incidents reported to the SRA—making it by far the most common attack against solicitors.

In 2024, successful cyber attacks against UK law firms rose by 77% from 538 to 954 incidents. Over three-quarters of the UK's top 100 law firms have been affected. 

These aren't crude scams. They're patient, sophisticated operations: a lookalike domain that changes just an 'O' to a '0' in your email address is nearly impossible to spot by eye, so detection depends on proper safeguards rather than vigilance alone. 

How It Actually Works 

The Initial Breach: It starts months before money disappears. A phishing email (which 84% of UK businesses encountered in 2024) gives criminals access to an account. Maybe someone clicked a fake Microsoft login page or opened a malicious attachment. 

Silent Monitoring: Criminals create email rules that automatically forward specific messages to them. They watch, learn, and wait. One firm discovered unauthorised rules had been forwarding all messages containing the word 'purchase' for a month before detection. 

The Strike: At the crucial moment—right before completion—criminals modify legitimate correspondence, changing bank account details. The email looks perfect because they've been reading your communications for weeks. By the time anyone realises, hundreds of thousands have vanished. 

The Warning Signs You're Missing 

Despite this data, firms still miss red flags: 

  • Unexpected payment instruction changes near completion 

  • Bank detail updates via email rather than verified channels 

  • Email threads where earlier messages have gone missing or been deleted, a sign that a mailbox rule may be hiding the genuine correspondence 

In 2024, a solicitor was fined £26,000 for failing to spot these warning signs. 

The Bigger Picture

Over £4 million of client money was stolen from just 23 UK law firms in recent years. The average remediation cost is £21,000—not including ICO fines (up to £17.5 million), reputational damage, or lost clients. 

Prevention is always cheaper than cure. 

At Saturday Cloud, we've helped dozens of South Wales legal practices secure their email systems and protect client funds.

How Saturday Cloud Can Help

The first thing? DMARC and Multi-Layered Protection 

DMARC (Domain-based Message Authentication, Reporting and Conformance) is recommended by the National Cyber Security Centre as a defence against phishing emails that spoof your domain. 

DMARC lets receiving mail servers check that a message claiming to come from your domain was sent by your authorised servers (via SPF and DKIM) and tells them what to do when it wasn't. With the policy set to reject, spoofed mail using your exact address is discarded before anyone can click on it, and the reports it sends back show you who is trying. It is the foundation, not the whole answer: DMARC does nothing against a lookalike domain with an 'O' swapped for a '0', and nothing against mail sent from a genuine mailbox the criminal already controls, which is why it has to be paired with the measures below. 
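As an added example (this is not Saturday Cloud's tooling or code from the article), the Python below parses a DMARC TXT record and reports the settings that leave a domain exposed, and then shows the caveat: `looks_like` catches the kind of lookalike domain that DMARC cannot stop, because the criminal's lookalike domain can have a perfectly valid DMARC record of its own. The two records and every domain name are constructed for the example.

```python
"""Check a DMARC record for the settings that leave a domain open to spoofing,
and show the kind of lookalike domain that DMARC does not cover.
Added example; the records and domain names below are constructed, not real."""

# Digit-for-letter swaps commonly used in lookalike domains ('0' for 'O', '1' for 'l').
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=...' into a lower-cased tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v", "").upper() != "DMARC1":
        raise ValueError("not a DMARC record: v=DMARC1 tag missing")
    if "p" not in tags:
        raise ValueError("DMARC record has no p= policy")
    return tags


def assess_dmarc(record: str) -> list:
    """Return a list of findings; an empty list means the record rejects spoofed
    mail for the domain and its subdomains and sends aggregate reports back to you."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: spoofed mail is only reported, never blocked")
    elif policy == "quarantine":
        findings.append("p=quarantine: spoofed mail goes to junk rather than being rejected")
    elif policy != "reject":
        findings.append(f"unrecognised policy p={policy}")
    # sp= defaults to the p= value; an explicit sp=none re-opens every subdomain.
    subdomain_policy = tags.get("sp", policy).lower()
    if subdomain_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains can still be spoofed")
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so abuse goes unseen")
    return findings


def looks_like(sender_domain: str, trusted_domain: str) -> bool:
    """True when sender_domain is NOT trusted_domain but reads the same once
    digit-for-letter swaps (and 'rn' for 'm') are undone. Mail from such a domain
    passes DMARC for *that* domain, so this check has to happen on your side."""
    a, b = sender_domain.lower(), trusted_domain.lower()
    if a == b:
        return False
    normalise = lambda d: d.translate(CONFUSABLES).replace("rn", "m")
    return normalise(a) == normalise(b)


# Constructed records for a fictional firm's domain.
MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example-law.co.uk"
ENFORCING = ("v=DMARC1; p=reject; sp=reject; pct=100; adkim=s; aspf=s; "
             "rua=mailto:dmarc@example-law.co.uk")

if __name__ == "__main__":
    for label, rec in (("monitor only", MONITOR_ONLY), ("enforcing", ENFORCING)):
        print(label, "->", assess_dmarc(rec) or ["no findings"])
    print("lookalike?", looks_like("example-1aw.co.uk", "example-law.co.uk"))
```

The usual rollout is to publish the monitor-only record first, read the aggregate reports for a few weeks to find any legitimate senders (practice management systems, newsletter tools) that fail, fix their SPF/DKIM, and only then move to the enforcing record; going straight to p=reject on a domain with unknown senders is how firms end up blocking their own invoices.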

We can also support with:

  1. Implementing Multi-Factor Authentication across all email accounts. The SRA found firms using MFA were significantly better protected. 

  2. Auditing email rules in every mailbox for the forwarding, redirect and delete rules criminals use to monitor communications and hide the genuine correspondence, along with any mailbox-level forwarding set outside the rules.

  3. Updating everything. Cybercriminals exploit outdated systems ruthlessly.

  4. Creating verification procedures. Any change to payment details must be verified through a separate channel—phone call to a known number, never to a number in an email. 

  5. Training your staff on how email fraud works and what signs to watch for. 
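The 'Silent Monitoring' stage above and item 2 in this list come down to the same check: find rules that copy mail out of the firm, trigger on payment-related words, or delete what the mailbox owner should have seen. The Python below is an added example (not Saturday Cloud's tooling or anything from the article) of that check run over a rule export. It assumes the rules were exported in the shape of Microsoft Graph's messageRule resource; the four sample rules and every address in them are constructed, not taken from any real incident.

```python
"""Flag mailbox rules of the kind used for silent monitoring in email modification fraud.
Added example: the rule shape follows Microsoft Graph's messageRule resource (an assumption
about how the rules were exported), and every rule and address below is constructed."""

# Words that appear in the correspondence criminals want to watch or suppress.
PAYMENT_WORDS = ("purchase", "completion", "invoice", "bank", "payment", "transfer", "conveyanc")


def _addresses(recipients) -> list:
    """Graph recipient objects -> lower-cased email addresses."""
    return [r["emailAddress"]["address"].lower() for r in (recipients or [])]


def audit_rule(rule: dict, internal_domains: set) -> list:
    """Return the reasons one rule looks like attacker tooling (empty list = nothing found)."""
    actions = rule.get("actions", {})
    conditions = rule.get("conditions", {})
    reasons = []

    # 1. Copies of mail leaving the firm: forward, forward-as-attachment or redirect to outside.
    external = sorted({
        addr for key in ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
        for addr in _addresses(actions.get(key))
        if addr.rsplit("@", 1)[-1] not in internal_domains
    })
    if external:
        reasons.append("sends copies outside the firm: " + ", ".join(external))

    # 2. Keyword triggers on payment-related correspondence (the 'purchase' rule in the article).
    words = [w.lower() for k in ("bodyOrSubjectContains", "subjectContains", "bodyContains")
             for w in conditions.get(k, [])]
    hits = [w for w in words if any(p in w for p in PAYMENT_WORDS)]

    # 3. Concealment: deleting matching mail (hides the genuine party's replies) or marking
    #    forwarded mail as read. Only meaningful alongside forwarding or a payment trigger,
    #    otherwise every 'move newsletters and mark read' rule would be flagged.
    if (actions.get("delete") or actions.get("permanentDelete")) and (external or hits):
        reasons.append("deletes matching messages so the mailbox owner never sees them")
    if external and actions.get("markAsRead"):
        reasons.append("marks forwarded mail as read to hide the new-mail indicator")
    if hits and reasons:
        reasons.append("triggers on payment-related words: " + ", ".join(hits))
    # Attackers often give rules no real name ('.', '..') so they are easy to overlook.
    if reasons and not rule.get("displayName", "").strip(" ."):
        reasons.append("blank or dot-only rule name")
    if reasons and not rule.get("isEnabled", True):
        reasons.append("currently disabled, but can be re-enabled at any time")
    return reasons


def audit_mailbox(rules: list, internal_domains: set) -> dict:
    """Map each suspicious rule's display name to its list of findings."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule, internal_domains)
        if reasons:
            findings[rule.get("displayName", "<unnamed>")] = reasons
    return findings


# Constructed rule export for one mailbox at the fictional firm example-law.co.uk.
SAMPLE_RULES = [
    {"displayName": ".", "isEnabled": True,
     "conditions": {"bodyOrSubjectContains": ["purchase", "completion"]},
     "actions": {"forwardTo": [{"emailAddress": {"address": "accounts.review88@outlook.com"}}],
                 "markAsRead": True, "stopProcessingRules": True}},
    {"displayName": "Cover while on leave", "isEnabled": True,
     "conditions": {"fromAddresses": [{"emailAddress": {"address": "client@example.com"}}]},
     "actions": {"redirectTo": [{"emailAddress": {"address": "j.davies@example-law.co.uk"}}]}},
    {"displayName": "Newsletters", "isEnabled": True,
     "conditions": {"subjectContains": ["newsletter"]},
     "actions": {"moveToFolder": "folder-id-newsletters", "markAsRead": True}},
    {"displayName": "Tidy", "isEnabled": False,
     "conditions": {"bodyOrSubjectContains": ["bank details"]},
     "actions": {"delete": True}},
]

if __name__ == "__main__":
    for name, reasons in audit_mailbox(SAMPLE_RULES, {"example-law.co.uk"}).items():
        print(f"Rule {name!r}:")
        for r in reasons:
            print("  -", r)
```

Two points from running this against the sample: the legitimate cover rule that redirects to a colleague on the firm's own domain is left alone, and the disabled 'Tidy' rule that deletes anything mentioning bank details is still reported, because a criminal who set it up can switch it back on. Mailbox-level forwarding (a forwarding address set on the mailbox itself rather than as a rule) is not an inbox rule and will not appear in this export, so it needs a separate check across every mailbox.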

