Fraudulent bank calls to law firms – how to protect yourself

Home » LawWare Legal Practice Management Blog » Fraudulent bank calls to law firms – how to protect yourself
fraudulent bank calls to law firms scammer in mask

Fraudulent bank calls to law firms have increased in recent months. It’s not a new phenomenon but it is one of a variety of methods criminals are using successfully.

For this subject, protecting yourself is quite down-to-earth. So how does the scam operate? Firstly, you need to understand the criminal slang – phishing, vishing, smishing and spoofing.

Phishing.

This is when you receive a fraudulent email alerting you to a problem. Generally, the email looks genuine and may lead you to a website that looks exactly like your bank’s website. You can check out the validity of the email in several ways. Hover your mouse over the link and URL details. This allows you to determine if it is genuine by showing you the real link or the fraudulent one. Open up a new web page in your browser and go to the website via that route or directly contact the sender. However, do not use the contact details or links provided in the email. If in any doubt, just don’t click on the link.

Vishing.

Vishing or voice-phishing, occurs when you receive a telephone call from someone purporting to be from your bank. The aim is to obtain confidential details, passwords or to convince you to make a monetary transfer.

In many instances the criminals claim to be from your bank’s Fraud department. They may tell you there is a problem with your account and ask you to confirm some payments. In most instances, the calls sound completely genuine. The caller usually has details about you, your business address, bank details and even the names of colleagues. The intent of the call is to create fear in your mind and to get you to act quickly to prevent financial loss.

Smishing.

Smishing, or SMS-phishing is the mobile phone equivalent of vishing. The criminals use it less against law firms, but it does happen. Again, the method encourages you to ring a number or follow a link for further details. This will then request password and account information.

Spoofing.

This is where it gets really tricky. In essence, the criminals imitate genuine telephone numbers or email addresses to gain your confidence. You will see a telephone number that you recognise as being your bank in your caller display. For email, you could receive one that seems to come from someone senior in the business requesting payments to be made.

How to protect your firm.

1. Ensure your team knows how to defend against a phone scam.

  • Never give out banking passwords or security codes to anyone on the phone even if you believe you are talking to the bank.
  • Do not trust your phone’s caller display to identify a caller accurately.
  • Check callers by phoning the bank yourself using the known number.
  • Remember that the bank will never call you to ask you to transfer money to a so-called safe account.
  • Remember that the bank will never ask you for banking passwords, user numbers or other sensitive information.

2. Ensure your team knows how to defend against an email scam.

  • Provide a documented process for all employees to follow.
  • This should ensure email requests to set up or amend payment details are verified as genuine.
  • Use known contact details other than email to make these checks and apply the same rigour to both internal and external emails.
  • Consider how you communicate with individual clients who are sending funds, so that clients can be sure that they are sending their money to the correct account.
  • Consider encrypting emails and providing clear, initial instructions about how payment details will be provided or amended.
  • Payment methods and bank account details should be agreed at the outset of transactions.

And finally, protect all PCs with quality anti-virus software and ensure it is updated regularly. Upgrade all operating systems and software to the latest versions the minute they become available.

Conveyancing firms: beware the Friday rush!

fraudulent bank calls to law firms

Fraudulent bank calls to law firms affect the whole industry. However, conveyancing firms are being singled out as key targets. These firms are always very busy on Fridays and particularly before bank holidays. Clients wish to complete before the weekend and legal staff come under immense pressure. The fraudsters are aware of this.

Targeting conveyancing firms on these particular days can catch stressed people when they are distracted or off-guard. Not only the financial damage but also the firms’ reputations can be seriously damaged.

As another bank holiday approaches, it is worthwhile reminding all conveyancing employees of the threat.

The Law Society of Scotland recently published a series of short alerts on this subject which you can read by clicking this link. In addition, if you believe you have discovered an attempted fraud or have fallen victim to one, report the details immediately to the authorities on The Action Fraud Website.

Mike O’Donnell, May 2017.

Share this page:

Scroll to Top