Hackers target lawyers

2020-01-24 15:09


Multimedia   ·   User Galleries   ·   News in Pictures Send us your pictures  ·  Send us your stories

Conveyancing attorneys have become the latest targets of cyber scammers because of large money transfers taking place between clients and the attorney firms for the purchase of properties. 

Private investigator Rick Crouch said he comes across many cases a month. One of his clients was scammed for R2 million.

He was in Europe when he transferred the money into what he thought was a legitimate account.

He said that criminals are using a “spear fishing” technique to target vulnerable employees of law firms.

Once the target has taken the bait, the scammers then have access to the firm’s computer system.

The criminals then create a rule that forwards all e-mails with target keywords in the subject line — such as “invoice” and “statement” into another folder.

Once they receive the e-mails, which usually contain the firm’s bank account information for the client to deposit the money, the fraudsters create a new invoice with all the firm’s information but they change the banking details.

“They then send the e-mail to the client explaining that, for some reason or another, the banking information has changed and the client should use the banking information on ‘this invoice’,” he explained.

The e-mail address is “spoofed” so it will look as if it came from the law firm.

“In addition to the e-mail rule mentioned above, they would have created a second rule that forwards them all e-mail directed to the firm’s e-mail address that they used.

“Not only does this rule forward all those e-mails to the fraudster but it also deletes the original so it is never received by the firm.

The money transfer goes into the fraudsters’ account and is never seen again.

“The banks will deny all liability in these cases even though the accounts are usually new accounts and suddenly a large amount is transferred into the account and almost immediately withdrawn, sometimes in cash.

“You have to ask how no alarm bells started ringing,” added Crouch.

He advised law firms that they must ensure that their anti-virus software is updated regularly and that their firewall is configured correctly.

Crouch also suggests that employers hold training sessions to educate employees on the signs of a phishing e-mail and how to avoid falling victim.

He advised clients that if they receive an e-mailed request to change banking information, they should call the law firm to verify the information.

“Do not call any number that appears on the e-mail but use the number you have on file for that law firm,” he cautioned.

Read more on:    pietermaritzburg  |  lawyers

Inside News24

Traffic Alerts
There are new stories on the homepage. Click here to see them.


Create Profile

Creating your profile will enable you to submit photos and stories to get published on News24.

Please provide a username for your profile page:

This username must be unique, cannot be edited and will be used in the URL to your profile page across the entire 24.com network.