Home / Explore our latest insights / Why Friday afternoon fraud isn’t just a thing of the past

Published: 20th January 2023 | In: Insights

It’s Friday afternoon and the working week is almost over. Many employees are finishing off their tasks but some have their minds on upcoming plans with friends and family. While they’re working – some from the comfort of their own home – they might already be in touch with them via messaging tools and social media. Tired and looking forward to logging off for a couple of days, their guard is down and the last thing on their mind is to be wary of being scammed.

Human behaviour remains the single biggest weakness when it comes to cyber security and criminals make their money from exploiting it. Many treat it as a full-time profession, so they know which buttons to press and when. And, like any professional, they do their homework before targeting the businesses and employees that they feel they have the best chance of duping. They know that in some organisations, such as solicitors and law firms, employees are trying to meet their deadlines before the week is up, perhaps by completing an important financial transaction for a client.

With more people working from home since the start of the pandemic, and a large number working from cafes and other places which don’t have secure Wi-Fi, criminals arguably have more opportunities than ever to set traps for busy, unsuspecting workers. Phishing is still the number one way for them to trick people into sharing their passwords or other sensitive information, which they can go on to use to breach companies’ IT networks.

Friday afternoon fraud

Called ‘Friday Fraud’, end-of-the-week scamming remains a big problem for the legal sector. It’s compounded by more employees working from home or from other locations away from the office which often don’t have secure Wi-Fi. Many employees aren’t aware of the risks or have become blasé about them.

According to a survey by consultancy Advanced Workplace Associates, only 13% of employees in the UK now go into the office to work on a Friday. Friday afternoons are especially risky because this is the usual time for law firms to complete property conveyancing transactions, and any delays can put more pressure on their employees to get money transferred in time for their customers to move house.

Another tactic criminals commonly use is vishing – phishing by phone. And they know that Friday afternoon is the perfect time to trick someone into paying money into the wrong bank account. Whichever method of communication is used, Friday afternoon fraud can cause signification financial damage to a firm, in addition to enormous harm to their reputation. The Solicitors Regulation Authority (SRA) says that Friday afternoon fraud makes up 75% of cybercrime reports, highlighting that this problem has never really gone away.

Employ basic cyber hygiene practices

One way organisations can reduce risks is to educate their employees about the ever-present dangers of getting complacent on Fridays. They would also do well to inform their staff about the insecure nature of Wi-Fi in many public spaces. It should be fairly easy to put company-wide rules in place, for example, to forbid certain types of work being done without the use of secure Wi-Fi. Or perhaps a rule of double-checking all financial transactions on Friday afternoons.

Basic cyber hygiene practices, like always using multi-factor authentication (MFA), are effective against the vast majority of scamming tricks used by criminals today. So it’s worth making this compulsory for all financial transactions, but surprisingly, many law firms still don’t take the few minutes it takes to use it.

So before you start thinking about your plans for the weekend, please be aware that Friday Fraud isn’t just a thing of the past, it’s still a common practice, particularly in sectors where large sums of money are moved around on a regular basis.

To learn more about how Quorum Cyber is helping to defend law firms, please visit the dedicated legal sector industry page on our website.