In recent months there have been increasing reports in the press of fraudsters actively targeting firms of solicitors that use online banking. This has resulted in thefts totalling many hundreds of thousands of pounds from client accounts, which solicitors are (under the Solicitors Accounts Rules) liable to make good. The failure to make good such thefts represents a breach of the Rules, and may lead to sanctions being imposed against the firm by the SRA.
These frauds appear to follow a particular pattern. They typically take place on a Friday afternoon, starting with a telephone call to the firm's accounts department or Finance Director, purporting to be from the fraud unit of its own bank. The caller is able to provide (apparently by hacking the firm's online banking access) details of the genuine transactions made that day, thereby giving the impression of legitimacy. They will claim that suspicious transactions have been made from the account and that it has been frozen, and will offer the firm assistance with any urgent payments that it needs to make in the meantime. The firm will be required to provide its online bank details, which the caller then quickly uses to defraud the firm of large amounts of money.
The individual payments will typically be for slightly less than £100,000 to avoid detection for as long as possible, and where multiple payments are made they will be for differing amounts, again to avoid raising the bank's suspicion. Once each payment is made it is quickly transferred to other accounts and often moved out of the jurisdiction. As these payments are usually made on a Friday afternoon and may not be discovered until the following Monday, tracing these funds can be next to impossible as they will have long since been dissipated.
It is relatively simple for firms to protect themselves against on-line fraud by following four simple steps:
- Never reveal banking security information over the telephone, even if the caller appears to be genuine and to have knowledge of your account.
- If you receive a suspicious phone call or if you are in any doubt, hang up and telephone your bank without delay, using a different telephone.
- Circulate this advice to all staff, so they are aware of the issue.
- If you suspect or become aware that you have been a victim of such fraud, contact your bank and broker or insurer as soon as possible. The quicker action is taken, the greater the chances of recovering the money taken.
The potential losses (and consequentially the financial, reputational and regulatory impact on the firm) are significant and a number of firms have already been affected, so staff should be advised to remain vigilant