Email fraud has become a very big risk for businesses globally, and law firms are no exception. In this podcast, PD Law Director Stuart Bell talks about the risk and, of course, the ways that PD Law is reducing that risk for its clients.
Dan: Email fraud has become a very big risk for businesses globally, and law firms are no exception. In today’s podcast, I’m talking with PD Law Director, Stuart Bell, about the risk and, of course, the ways that PD law is reducing that risk for its clients. So, Stuart, can you tell me a bit about the risks your firm and all law firms for that matter face as a result of cyber security and email fraud?
Stuart: Hi, Dan, yeah, thanks. So just to give a bit of context, law firm trust accounts are used to hold funds and trust for clients for a variety of reasons, whether it be for buying and selling homes or businesses, commercial properties, for proceeds of settlements, and so on.
As a result, there is a very high transaction frequency in these accounts, and also the account balances and trust accounts can be quite high from time to time, so they tend to be a fairly juicy target for cyber criminals. So, the objective of these hackers is, of course, to get to the cash.
So how do they do it? Well, they typically try to impersonate these law firms, and what they do is they intercept our emails that are going out to our clients asking for funds to be transferred into trust.
So they’ll get that email, they’ll adjust it by adjusting the account details and then sending it on to the unsuspecting recipient who’s thinking they’re just following our instructions. But in fact, they might be unwittingly sending their funds straight into the account of these criminals.
Now, this risk is real, and it happens to law firms across the country very, very frequently, in fact, across the globe, for that matter. All clients and all law firms really need to bear this risk in mind whenever they’re transferring funds.
Dan: Now, practically, what steps does your firm take to minimise exposure to that risk?
Stuart: Yes, so what we do, Dan, is we ask our clients to give us a call. In the emails that we send out to people with our trust account details, there’ll also be a specific and very expressed notice saying, telephone our office, speak to our accounts department, and make sure that the account details you’re reading in that email have not been doctored in any way like I indicated earlier.
We also get them to go as far as independently verifying our phone number through, for example, maybe a social media advertisement or the website or some other independently verified method of establishing that our phone number is actually correct also.
Cyber criminals, as you can expect, can doctor the phone numbers as well as the trust account details of law firms, they’ll have people set up impersonating accounts departments, and of course, the crime goes unnoticed because those criminals account details are verified by the criminal impersonating the accounts department and the funds are lost.
So they’re the two steps that we take, step number one, call the office, step number two, make sure that the phone number you’re using is correct through independent means.
Dan: Stuart, besides law firms and other businesses operating trust accounts, who’s at risk and what should they do?
Stuart: I really think anyone in business is at risk, it’s that simple. If you think about it, if you’re paying someone and they’ve given you bank account details, how do you know that, that information you’ve received is authentic?
On the other hand, if you’re waiting for payment, how do you know that the information you’ve given your customer has not been doctored? So my advice would be for all business owners to adopt something similar to what we’ve got in place so that this risk can be, if not eliminated, at least significantly reduced.
I also wonder about this, there’s this fairly widely held belief, Dan, in business or in the business community that banks will underwrite this fraudulent activity. Now, I haven’t explored this entirely myself, but I’m sure there’s got to be limits to that insurance and the circumstances in which it would apply, and just a limit to basically how generous these banks might be in this regard.
So for that reason alone, I wouldn’t rely on it as a backstop and I think it’s up to all of us as business owners to be as proactive as we can be and take steps to reduce that exposure to risk.
Dan: Stuart, if anyone’s got questions about this topic, they can reach out to you at PD Law.
Stuart: Absolutely, Dan. It’s not just legal advice this one, people should just give us a call at any time just to talk about our systems if they like, and see if they can adopt anything similar in their businesses.
We’d be happy to give them copies of our notices and warnings. I think if more people adopt these sorts of things, probably the safer we’ll all be. So by all means, just give us a call whenever it suits.
Disclaimer: This podcast has been transcribed using AI. There may be errors that were lost in the translation.