This pernicious form of fraud is on the increase. It’s not a new phenomenon but it is one of a variety of methods criminals are using successfully.
So how does the scam operate? Firstly, you need to understand the criminal slang - phishing, vishing, smishing and spoofing.
This is when you receive a fraudulent email alerting you to a problem. The email looks genuine and may lead you to a website that looks exactly like your bank’s website. If in any doubt, just don’t click on the link.
Vishing or voice-phishing, occurs when you receive a telephone call from someone purporting to be from your bank. The aim is to obtain confidential details, passwords or to convince you to make a monetary transfer.
The criminals may claim to be from your bank’s Fraud department. They may tell you there is a problem with your account and ask you to confirm some payments.
Smishing, or SMS-phishing is the mobile phone equivalent of vishing. The criminals use it less against law firms, but it does happen. The method encourages you to ring a number or follow a link. This will then request password and account information.
This is where it gets really tricky. In essence, the criminals imitate genuine telephone numbers or email addresses to gain your confidence. You will see a telephone number that you recognise as being your bank in your caller display.
Protect your firm against phone scams
- Never give out banking passwords or security codes to anyone over the phone.
- Do not trust your phone’s caller display to identify a caller accurately.
- Check callers by phoning the bank yourself using the known number.
- Remember that the bank will never call you to ask you to transfer money to a so-called safe account.
- Remember that the bank will never ask you for banking passwords or user numbers.
Protect your firm against email scams
- Provide a documented process for all employees to follow. This should ensure email requests to set up or amend payment details are verified as genuine.
- Use known contact details other than email to make these checks and apply the same rigour to both internal and external emails.
- Consider how you communicate with individual clients who are sending funds, so they can be sure they are sending their money to the correct account.
- Consider encrypting emails and providing clear, initial instructions about how payment details will be provided or amended.
- Payment methods and bank account details should be agreed at the outset of transactions.
- And finally, protect all PCs with quality anti-virus software and ensure it is updated regularly. Upgrade all operating systems and software to the latest versions the minute they become available.
Mike O’Donnell, LawWare Limited.