The virtues of electronic payments and communicating online are well known, and so are the traps that can snare us when we conduct commerce in cyberspace. But did you know that cybercriminals have been targeting law firms? By intercepting solicitors’ email communications, hackers can gain information that can then be used to steal client funds. Alarming cases of fraudsters impersonating clients from fake email addresses and hacking into firm email accounts to misdirect trust money or settlement funds have come to light in recent months.
At HSF we are implementing some important procedures to ensure that your money is safe, and is only disbursed at your direction and no one else’s. This will involve very little disruption to your business: while the cybercriminals’ methods might seem sophisticated, the precautions we take are very simple.
Key cyber-safety measures
These are some of our key cyber-safety measures when it comes to sending and receiving funds electronically:
- when we start a new matter we will ask you to provide a telephone number. In future we can use that telephone number to confirm your identity.
- when you need to deposit funds into our trust account we may call you to give you our trust account details verbally. We will use the telephone number you have previously provided.
- when we need to pay funds out of our trust account to you, or according to your instructions, we may call you on the same telephone number to receive your (or the payee’s) bank details over the phone, or to confirm that the account details we have received by email or letter are correct. This phone call will be in addition to requesting a written authority from you for the payment.
- if we send our trust account details by email we will include them as a screenshot, rather than typing them. This makes it harder for a hacker to intercept the email and edit the text. If you receive an email from an HSF email address that includes bank details that have been typed, rather than inserted as an image, or that purports to tell you that the HSF trust account details have changed, call your HSF contact and ask them to verbally confirm the details that you have received. In any event, it is best practice to confirm the BSB and account number over the phone.
- if we transfer funds to you electronically we will ask you to confirm when the funds have been paid into your account.
- when you deposit money into our trust account we will keep you informed of the status of your funds.
What are the warning signs?
Some things to be especially wary of are:
- emails claiming that bank details have changed at short notice;
- bank details provided by email that have been typed, rather than inserted as an image; and
- emails, email addresses or financial documents such as invoices that are formatted even slightly differently to what you are used to or what you would expect.
It would be highly unusual for us to change our trust account details. One of the most common methods used by fraudsters is to send emails to clients pretending to be their solicitors, telling them that they should direct their payment to a new and different bank account.
If you ever receive correspondence from an HSF email address that you think is suspicious for any reason, please call us via our main switchboard number and ask for the Business Finance Banking Team or your contact in the office. We will be happy to verify the correct details with you. Do not transfer funds until you have verified the account details over the phone, especially if you receive a last-minute message saying the account numbers have changed.
If worst comes to worst
If you think that your funds have been misdirected, as soon as you become aware of the risk you should:
- immediately contact your bank and request that they put a hold on the payment;
- let us know, so we can work with our Business Finance team to try to recover your money, if possible;
- make a police report; and
- if you received fraudulent account details by email, do not correspond any further with the sender and make a report to the Australian Cybercrime Online Reporting Network (“ACORN”).
By following these simple steps we can minimise the risk of cyber-fraud.
If you have any questions or suggestions, please talk to your HSF contact, who will be happy to discuss them.