Nowadays, many legal practitioners and law practices have experienced cyber fraud, and the amount of money stolen is constantly increased. This article will briefly explain what cyber fraud is, and what should legal practitioners or law practices do when dealing with cyber fraud.
What is cyber fraud?
Cyber fraud, or cyber crime, is a serious criminal offence directed at computers or other information communications technologies for financial gain or other malicious purposes. It is usually done by hacking into a law firm’s system and impersonating either the client or the firm to demand and redirect payment of funds to the fraudster’s account. Sometimes it also involves money laundering and identity theft.
It is more common for they are impersonating the firm to demand money from clients. It is because law practices normally have their own financial staff or more resources to check or verify the account while clients do not. They will believe that is the firm’s account and just transfer their hard-earned money.
It is a common misunderstanding that the bank has certain obligations to prevent cyber fraud and they will reimburse practitioners and clients for the funds stolen. Well, there is no such requirement for banks, and it is not the function of the banks to check or even investigate any suspected transaction. Banks will try to recover the money, but normally, time is not enough for recovering or even tracing in electronic transfers before the offenders dissipate the money. At this stage, it is too late to recover.
What should legal practitioners do?
Before any transaction, give the clients the firm’s bank details and warn them about the risk of cyber fraud. If in doubt, or even every time before they are going to transfer their money, always call the firm to verify the bank account. It is also important to tell the clients that the firm will never change their bank details through a mere email. Practitioners should also be proactive to check with clients in order to ensure their money go to the correct destination.
Payment by electronic mean is quick. If the expected payment has not arrived at the firm’s account, it is not OK to assume that it is still in transit. Legal practitioners or law practices should always keep eyes on the trust account and check with clients to confirm they got the correct bank details. If there is a suspected fraud or mistake, immediately contact the transferring and recipient banks.
Law firms should also install multi-factor verification or authentication to secure the system. Almost all reported cyber fraud occurred in the circumstance of lacking protection of the authentication. Offenders can easily access to the firm’s email account to send an email to the clients demanding or redirecting funds into the fraudster’s account.
Disclaimer: This publication contains comments of a general and introductory nature only and is provided as an information service. It is not intended to be relied upon as, nor is it a substitute for specific professional legal advice. You should always speak to us and obtain legal advice before taking any action relating to matters raised in this publication.