Hackers target lawyers


Conveyancing attorneys have become the latest targets of cyber scammers because of large money transfers taking place between clients and the attorney firms for the purchase of properties. 

Private investigator Rick Crouch said he comes across many cases a month. One of his clients was scammed for R2 million.

He was in Europe when he transferred the money into what he thought was a legitimate account.

He said that criminals are using a “spear fishing” technique to target vulnerable employees of law firms.

Once the target has taken the bait, the scammers then have access to the firm’s computer system.

The criminals then create a rule that forwards all e-mails with target keywords in the subject line — such as “invoice” and “statement” into another folder.

Once they receive the e-mails, which usually contain the firm’s bank account information for the client to deposit the money, the fraudsters create a new invoice with all the firm’s information but they change the banking details.

“They then send the e-mail to the client explaining that, for some reason or another, the banking information has changed and the client should use the banking information on ‘this invoice’,” he explained.

The e-mail address is “spoofed” so it will look as if it came from the law firm.

“In addition to the e-mail rule mentioned above, they would have created a second rule that forwards them all e-mail directed to the firm’s e-mail address that they used.

“Not only does this rule forward all those e-mails to the fraudster but it also deletes the original so it is never received by the firm.

The money transfer goes into the fraudsters’ account and is never seen again.

“The banks will deny all liability in these cases even though the accounts are usually new accounts and suddenly a large amount is transferred into the account and almost immediately withdrawn, sometimes in cash.

“You have to ask how no alarm bells started ringing,” added Crouch.

He advised law firms that they must ensure that their anti-virus software is updated regularly and that their firewall is configured correctly.

Crouch also suggests that employers hold training sessions to educate employees on the signs of a phishing e-mail and how to avoid falling victim.

He advised clients that if they receive an e-mailed request to change banking information, they should call the law firm to verify the information.

“Do not call any number that appears on the e-mail but use the number you have on file for that law firm,” he cautioned.

We live in a world where facts and fiction get blurred
In times of uncertainty you need journalism you can trust. For only R75 per month, you have access to a world of in-depth analyses, investigative journalism, top opinions and a range of features. Journalism strengthens democracy. Invest in the future today.
Subscribe to News24
Daily Poll
The National Institute for Communicable Diseases has confirmed that South Africa has technically entered the third wave of the Covid-19 pandemic. What are your thoughts on the matter?
Please select an option Oops! Something went wrong, please try again later.
We urgently need stricter restrictions
60% - 49 votes
No need to panic, I trust government to lead us out of this situation
17% - 14 votes
I'm very worried
23% - 19 votes
Latest Issue

View Weeeknd Witness in PDF

Latest Issue
Read the latest news from KZN in digital form.
Read now