Scots lawyers and their clients have been increasingly affected by sophisticated scams, now a spotlight is being shone on the issue. Using fraudulent e-mails criminals have gained substantial sums of money.
Cases of fake e-mails, apparently sent between lawyers and clients, purporting to come from whichever of them is expecting to receive money with instructions to deposit fees and in some cases mortgage funds, into an alternative payee bank account created by the fraudsters have risen.
Other cases have involved fraudsters deliberately cloning the websites of law firms in order to defraud clients.
Increasingly complex scams have been reported by both The Times newspaper and the Law Society Scotland this year.
How does it happen?
Web savvy criminals appear to target likely parties in order to create fake e-mail addresses, often using existing and believable identities. They then contact one or both sides and divert cash sums or information which appear to come from a genuine sender.
Unlike e-mail scams of old the language used is believable, adding gravity to the requests. The apparent ability of fraudsters to intercept genuine e-mail correspondence, and to maintain timeous contact adds to the complexity of scams.
While banks can step in when money has been wrongfully sent to the wrong account, their responsibility, and power, is limited, so this can be a costly scam for the targeted party.
How can we stop fraudsters?
In response, awareness within the Scottish legal community has been heightened. Like all lawyers we deal with sensitive information so our security is maintained to a high standard. Internally we have focussed our team’s efforts on vigilance, but this will only combat half the issue.
Such scams appear to be increasing and, without education both business and private clients are vulnerable to fraudsters. In order to stay ahead of fraudsters both solicitors and our clients need to be aware, remain vigilant and question any suspicious e-mails.
How to protect yourself
• Make sure that at the very least you have basic web-security [a firewall and anti-virus] enabled on any internet capable device. Mobile devices are generally good, but home computers, laptops etc need to have security software installed and enabled.
• Banks and most legitimate service providers will not ask you to provide details of your bank account, credit card or passwords by e mail. Any request for this information should be regarded as suspicious.
• If you receive an e mail asking for bank details or a password, phone or visit the person you are dealing with. Contact them using an known contact number and speak to someone who you recognise.
• Never reply to an e-mail that seems suspicious. If your bank do contact you regarding fraud call back, use the number on the back of your bank card and, preferably, use a different phone. (Scams where fraudsters intercept phone lines are increasingly common.)
• If you do suspect fraud inform your bank, any other parties who may be affected and report to Action Fraud on 0300 123 2040.