Are you and your clients picking up the phone to verify all financial account details / instructions received by email
Practitioners should be aware that cyber fraud is real and Law Firms in Tasmania are being targeted.
Recently the Law Society’s Professional Indemnity Insurance Scheme had to pay out on a claim made by a client of a firm that was a victim of fraud. The claim arose because a fraudster infected a firm’s computer system with a virus which enabled that fraudster to ‘watch over’ emails sent and received by the firm to and from its clients. As a result the fraudster was able to gain access to the name of the client, intercepted relevant emails between the firm and the client and, armed with the confidential information of the client, generated a fake email allegedly from the client with the fraudster’s bank account details, into which the firm paid settlement funds. In this case if the firm had taken steps to properly verify the client’s bank account details the fraud would have been avoided.
Firms need to be aware of the risks associated with doing financial transactions by solely relying on emails. An exchange of emails alone is not sufficient to protect your client’s funds. If your firm intends to transfer money by EFT, based on email communications from clients, it is essential that steps are taken to verify the client’s bank account details. Proper verification includes placing a telephone call to the client and upon being satisfied that it is the client who answers the call, the relevant details can be checked. The details include the name of the bank, the BSB number and the Account number.
Further, firms need to ensure that all of their staff that transfer funds are aware of the appropriate steps to be taken to verify a client’s bank details. This is not a matter that involves legal practitioners alone.
Fraudsters are becoming more sophisticated and emails from them are becoming increasingly difficult to detect.
Take the time ensure that instructions received by email to transfer funds are actually from your client and not a fraudster.
Professional Indemnity Insurance Scheme-Claims Manager