Monday, 2 October 2017
There have been a number of recent incidents in which cybercriminals have diverted payments to and from solicitors' trust accounts.
The attackers gain access to the firm's email system. There may be no outward sign of unauthorised access. They wait, monitoring traffic, until one party is due to pay funds into a specified account; the email carrying that request is then intercepted and the account number in it changed. The diverted funds can be money paid by clients into the solicitor's client account, or money being disbursed by the solicitor to a third party. Either way, the consequences can be very serious.
This is a particularly dangerous attack because the instruction to transfer the funds is expected by the receiving party and is genuine in every respect except the changed bank account number.
Communications from the attackers seem credible and use appropriate language. Some of the affected email systems are hosted in the cloud, others on the firm's own servers.
Some attempts have been detected, through vigilance or good luck. Others have succeeded.
Once the criminals become aware that the intrusion has been detected, the final stage can be a mass email to everyone in the firm's contact list, attaching documents that contain links to malware.
What can you do to minimise the risk?
1. Avoid using email to communicate bank account numbers, whether for deposits by clients or for remitting funds to third parties.
2. If there is no alternative, confirm any emailed transfer instructions and account numbers by direct contact with the client, using a telephone number you already hold rather than one given in the email.
3. Consider making an initial transfer of, say, £1, and advise the other party that if the bank account details change in any way they should contact you directly.
4. Know and follow good password and cybersecurity practices.
5. The requirements for basic technical protection from cyber attacks are set out in the UK Government's Cyber Essentials scheme.
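As an added illustration of steps 2 and 3 above (this is example code written for this page, not something from the original post or from any firm's systems), the following Python script shows the kind of check a firm could run over incoming payment instructions: it pulls UK sort codes and account numbers out of an email body and compares them with the details previously confirmed with that counterparty by telephone. It assumes the firm keeps a record of confirmed details keyed by the counterparty's email address; the email addresses, bank details and message bodies below are constructed sample data.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Assumption (not from the original page): the firm keeps a record of bank
# details confirmed with each counterparty by a direct call, keyed by the
# counterparty's email address, lower-cased. Values are (sort code, account).
ConfirmedDetails = Dict[str, Tuple[str, str]]

# UK sort code: six digits, commonly written 20-00-00, 20 00 00 or 200000,
# introduced by the words "sort code". Account number: eight digits.
SORT_CODE_RE = re.compile(
    r"sort\s*code\s*[:\-]?\s*(\d{2})[\s\-]?(\d{2})[\s\-]?(\d{2})\b", re.IGNORECASE)
ACCOUNT_RE = re.compile(
    r"(?:account\s*(?:number|no\.?)?|a/c)\s*[:\-]?\s*(\d{8})\b", re.IGNORECASE)


@dataclass
class Alert:
    level: str                          # "CHANGED" or "UNVERIFIED"
    sender: str
    found: Tuple[str, str]              # details seen in the email
    on_record: Optional[Tuple[str, str]]  # details confirmed earlier, if any
    message: str


def extract_bank_details(body: str) -> List[Tuple[str, str]]:
    """Return every (sort code, account number) pair found in an email body,
    sort code normalised to NN-NN-NN. Pairs are formed in order of appearance;
    if the counts differ, the missing side is left empty so the caller still
    sees (and flags) the partial details rather than silently dropping them."""
    sorts = ["-".join(m.groups()) for m in SORT_CODE_RE.finditer(body)]
    accts = [m.group(1) for m in ACCOUNT_RE.finditer(body)]
    if not sorts and not accts:
        return []
    n = max(len(sorts), len(accts))
    sorts += [""] * (n - len(sorts))
    accts += [""] * (n - len(accts))
    return list(zip(sorts, accts))


def record_confirmed(confirmed: ConfirmedDetails, sender: str,
                     sort_code: str, account_number: str) -> None:
    """Store details only after they were confirmed by a direct call (step 2).
    Formatting is normalised so that later comparisons are exact."""
    s = re.sub(r"\D", "", sort_code)
    a = re.sub(r"\D", "", account_number)
    if len(s) != 6 or len(a) != 8:
        raise ValueError("UK sort code must be 6 digits and account number 8 digits")
    confirmed[sender.lower()] = (f"{s[:2]}-{s[2:4]}-{s[4:]}", a)


def check_instruction(sender: str, body: str,
                      confirmed: ConfirmedDetails) -> List[Alert]:
    """Compare the bank details in an incoming instruction with those confirmed
    for this sender. Returns one Alert per pair that is not a verified match;
    an empty list means every pair in the email matches the record."""
    alerts: List[Alert] = []
    on_record = confirmed.get(sender.lower())
    for pair in extract_bank_details(body):
        if on_record is None:
            alerts.append(Alert("UNVERIFIED", sender, pair, None,
                                "no confirmed bank details on record for this sender; "
                                "confirm by phone on a number you already hold before paying"))
        elif pair != on_record:
            alerts.append(Alert("CHANGED", sender, pair, on_record,
                                "bank details differ from those confirmed earlier; "
                                "treat as a suspected diversion, do not pay, and call the client"))
    return alerts


# Constructed sample messages (not real data). The second body is the kind of
# altered instruction the page describes: same sender, same wording, only the
# bank details changed.
GENUINE_BODY = ("Hi, please send the completion funds to:\n"
                "Sort code: 20-00-00\nAccount number: 12345678\nThanks, J.")
ALTERED_BODY = ("Hi, please send the completion funds to:\n"
                "Sort code: 30-99-99\nAccount number: 87654321\nThanks, J.")

if __name__ == "__main__":
    confirmed: ConfirmedDetails = {}
    # First email: nothing on record yet, so the details must be confirmed by phone.
    for alert in check_instruction("client@example.com", GENUINE_BODY, confirmed):
        print(alert.level, alert.message)
    # After the call, record what the client confirmed; the genuine email now passes.
    record_confirmed(confirmed, "client@example.com", "20 00 00", "12345678")
    print("genuine email alerts:", check_instruction("client@example.com", GENUINE_BODY, confirmed))
    # The altered email from the compromised mailbox is flagged.
    for alert in check_instruction("client@example.com", ALTERED_BODY, confirmed):
        print(alert.level, alert.found, "vs", alert.on_record, "-", alert.message)
```

The check deliberately keys on the sender's address rather than on anything inside the email, because in the attack described the message really does come from the expected mailbox; the only trustworthy reference point is what was confirmed out of band before. A new or differing pair is never auto-accepted, only raised for a phone call.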