In what is now a well-known scam, the firm received an email purporting to be from their client advising of a change of bank details. The firm didn’t, as has happened in the past, take this at face value but their request for a call to validate the information was intercepted by the fraudsters who telephoned the firm, again purporting to be the client, to confirm the bank details. The cyber-attack came to light when the client telephoned and advised that he had not requested a change of bank details. By then it was too late as the sale proceeds of £80,000 had been erroneously sent.
As we approach a Bank Holiday weekend, often with pressure from clients to complete, the risks of a cyber-attack are increased and need to be at the forefront of conveyancers’ minds. Methods of attack are constantly evolving and becoming more sophisticated. It is no longer an option to bury one’s head in the sand. Regulators have confirmed they will take action against firms that are not proactive in protecting client money and assets and earlier this year issued a rebuke for failure to report a successful cyber-attack.
To coincide with the release of the Spring Update to the Risk Outlook 2016/2017, the SRA facilitated a roundtable discussion with leading experts and agencies from various sectors who all agreed that as law firms hold large amounts of client money and confidential client information they are an attractive target for fraudsters.
Various themes came out of the discussion including that “law firms should consider having rigorous and unambiguous procedures for when clients notify them of any changes to their personal information or bank details during a transaction.”
Hindsight is a wonderful thing! However:
- • Are you confident that, in the same circumstances, each of your staff members would not have acted as the individual did in the case above?
- • Do you have processes, procedures and controls in place to avoid the same thing happening to you? Are all your staff aware of them?
If you don’t know the answer or aren’t confident that you could answer “yes” to the above questions, the likelihood is you are not being proactive in protecting client money and assets.[/vc_column_text][vc_column_text]
How can we help?
Bank Wizard can offer you the assurance you need that your clients’ funds are being sent to the correct bank account. Bank Wizard is ULS’ new bank account verification system, which enables you to make the connection between your clients and their bank account details, ensuring the details provided are valid and belong to your client so that you can be confident that your payments aren’t being sent to fraudsters.
Key benefits/features include:
- • Validity and ownership of the current account is provided in real-time with an easy to interpret scoring system;
- • Added layer of protection when remitting funds to clients;
- • Reduced errors in payment details to ensure the best possible experience for your clients;
- • Enhanced due diligence;
- • Validates account ownership so payments are made to and from the right customers;
- • Reduces the risk of fraud through the interception of emails and cybercrime;
- • Increase success rates of payments.
At £2.00 plus VAT per check, can you afford not to take this proactive step to ensure that you are remitting funds to the correct account. Bank Wizard isn’t just limited to conveyancers but is a risk management tool for use in all departments where the risk of email modification is high and large sums of money are sent including, for example, in probate work.
For further information on Bank Wizard or for a demonstration, call ULS technology on 01844 262392
Cyber-security is a key priority risk. It is a business risk. It is the responsibility of Senior Management to ensure that they have in place the necessary controls to manage and mitigate against a successful cyber-attack.
Legal Eye are a leading Risk & Compliance firm who regularly assist all sizes of law firms in ensuring that their policies, plans and procedures are up-to-date and compliant. For an informal discussion or a full review of your policies, plans and procedures around cyber-security or generally, call 0203 0512049 or email firstname.lastname@example.org.[/vc_column_text][/vc_column][/vc_row]