Skip to main content
Skip to main content

Beware of fraud targeting legal firms

By Nick Worthington
Risk Solutions

Fraudsters are exploiting the trust we place in our online and telephone banking services. A number of law firms have been the victim of a scam, which has allowed fraudsters to steal significant sums of money from firms’ client accounts...

The scam

  • The firm receives a call (often on a Friday) purportedly from their bank’s fraud unit. They request to speak to the firm’s Head of Finance by name
  • The ‘bank employee’ says they are concerned about potentially suspicious activity on the firm’s client account, and provides details of legitimate  transactions from the account which the Head of Finance is able to confirm.  A basis of trust is thereby established
  • The ‘bank employee’ then refers to a number of ‘suspicious transactions’, which are nothing to do with the firm. The ‘bank employee’ confirms that these transactions won’t be processed and that the account has been frozen pending investigation, but payments can be made in the meantime with their assistance

When urgent payments have been required, some firms have been duped into revealing the secure access details the fraudster requires to access the account. Client money is then stolen from the account. Unauthorised payments from client accounts amount to a breach of the Account Rules – and this could have significant regulatory, insurance and reputational consequences for the firm and its partners.

How to protect your firm

  • Warn your staff, including but not limited to the accounts department. Awareness is your best protection
  • Do not provide access or security information over the phone or via email regardless of how genuine the request sounds. Banks promote the fact that they will never ask for details of passwords
  • Verify the caller's identity by contacting the bank yourself, using the number you would normally call on, and speaking to your usual contact. Do not use any numbers provided by the caller as they will likely only connect you to another member of the fraudster's gang

If you think your firm has been the victim of fraud, contact your bank, the police and your broker and/or insurer.

Nick Worthington, Senior Risk Manager