Frauday

The Solicitors Regulation Authority is receiving on average four reports a month of law firms being tricked into giving bank details to fraudsters on Fridays. The reports of criminals stealing from firms continue despite repeated warnings not to disclose sensitive details.

Criminals are now in the practice of targeting any conveyancing firms with large amounts of money in client accounts using increasingly sophisticated social engineering attacks to gain access to the money in the client accounts. The criminals will commonly use malicious software installed through unsolicited email communications. They will then try to intercept emails between firms and replace them with their own in an attempt to steal the money from client accounts.

On a couple of occasions these email intercepts have been followed by telephone calls from the fraudsters pretending to be from the bank’s counter-fraud team to further enforce the legitimacy.

On other occasions, law firms have been called and asked for verification of a specific electronic transaction, with callers stating they suspect fraudulent transactions have been set up. The criminals then asks the firm to confirm their online security information.

In November, the SRA revealed that four firms had collectively had £2m taken from their accounts after falling victim to these schemes. Robert Loughlin, SRA executive director of operations, said at the time:

These scammers are very active and convincing. They are highly sophisticated in their approach and therefore very capable of duping many people.

Firms are advised to embark on a security awareness campaign specifically targeting the not clicking on email attachments. Validation callers should be included to help defeat the voice side of the attack.

Author - Peter Bassill