Here's how cyber criminals are targeting attorneys in scams to steal cash

Hacker. (Duncan Alfreds, Fin24)
Hacker. (Duncan Alfreds, Fin24)

Attorneys are the latest targets facing attack by cyber criminals intent on stealing money.

According to research conducted by Stalker Hutchison Admiral (SHA) Specialist Underwriters, attorneys have proved to be vulnerable to spear phishing attacks.

In these scams, cyber crooks send a conveyancing attorney a fraudulent email purporting to be from a home seller.

"The approach is simple. The attorney firm is instructed by a client to register the sale of a property. Once the property is registered at the Deeds Office, the proceeds of the sale are due to the seller," Christopher Appanah, claims team leader for PI and liability at SHA, told Fin24.

"It is at this point that cyber criminals make their move. The attorney is sent a last-minute email alleging to be from the seller, requesting that the seller's banking details be amended. The proceeds of the sale are then diverted to the hacker's account."

Three contributing factors

This correlates with research by Mimecast, which found that 90% of all cyber attacks began with an email.

Appanah said that three factors made attorneys vulnerable to this kind of targeted attack.

"First of all, attorneys are not infallible. There is a perception that has been created that an attorney cannot falter in the performance of their professional duties. If this [were] the case, then there would be no need for professional indemnity insurance."

He also said that cyber attacks had evolved from simple schemes to sophisticated fraud, where crooks create content that closely mimics official websites and emails.

The differences may be extremely subtle, for example substituting a "1" for an "I", or a name like "Petersen" may be spelled "Pietersen" in an email. In a high-pressure environment, mistakes may be overlooked easily.

"Finally, there can be an increase in risk, where the attorneys themselves do not attend to the so-called non-professional tasks or administration-related tasks, which do not require the application of their particular professional judgment," said Appanah.

"These tasks may be assigned to staff who may not necessarily be aware [of] or alive to the potential risks that lurk within cyber interactions."

Appanah advised firms, especially those that deal with sensitive personal information, to be more proactive when clients requested detail changes.

"Some firms have adopted the rule that bank details can only be amended in person, rather than through emails or even telephonically. It may be wisest to incorporate a combination of innovative and proactive steps to mitigate some of these risks," said Appanah.

* SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For 14 free days, you can have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today. Thereafter you will be billed R75 per month. You can cancel anytime and if you cancel within 14 days you won't be billed. 
Subscribe to News24
Rand - Dollar
Rand - Pound
Rand - Euro
Rand - Aus dollar
Rand - Yen
Brent Crude
Top 40
All Share
Resource 10
Industrial 25
Financial 15
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders