Attorneys are the latest targets facing attack by cyber criminals intent on stealing money.
According to research conducted by Stalker Hutchison Admiral (SHA) Specialist Underwriters, attorneys have proved to be vulnerable to spear phishing attacks.
In these scams, cyber crooks send a conveyancing attorney a fraudulent email purporting to be from a home seller.
“The approach is simple. The attorney firm is instructed by a client to register the sale of a property. Once the property is registered at the Deeds Office, the proceeds of the sale are due to the seller,” Christopher Appanah, claims team leader for PI and liability at SHA, told Fin24.
“It is at this point that cyber criminals make their move. The attorney is sent a last-minute email alleging to be from the seller, requesting that the seller‘s banking details be amended. The proceeds of the sale are then diverted to the hacker‘s account.”
Three contributing factors
This correlates with research by Mimecast, which found that 90% of all cyber attacks began with an email.
“We have seen a massive increase in spear phishing emails being sent to key people, with malicious attachments or re-directing them to dangerous websites, either to infect their device or harvest information, or [to] encrypt their information and demand a ransom,” Orlando Scott Cowley, cyber security strategist at Mimecast, told Fin24.
Appanah said that three factors made attorneys vulnerable to this kind of targeted attack.
“First of all, attorneys are not infallible. There is a perception that has been created that an attorney cannot falter in the performance of their professional duties. If this [were] the case, then there would be no need for professional indemnity insurance.”
He also said that cyber attacks had evolved from simple schemes to sophisticated fraud, where crooks create content that closely mimics official websites and emails.
The differences may be extremely subtle, for example substituting a “1” for an “I”, or a name like “Petersen” may be spelled “Pietersen” in an email. In a high-pressure environment, mistakes may be overlooked easily.
“Finally, there can be an increase in risk, where the attorneys themselves do not attend to the so-called non-professional tasks or administration-related tasks, which do not require the application of their particular professional judgment,” said Appanah.
“These tasks may be assigned to staff who may not necessarily be aware [of] or alive to the potential risks that lurk within cyber interactions.”
Appanah advised firms, especially those that deal with sensitive personal information, to be more proactive when clients requested detail changes.
“Some firms have adopted the rule that bank details can only be amended in person, rather than through emails or even telephonically. It may be wisest to incorporate a combination of innovative and proactive steps to mitigate some of these risks,” said Appanah.
* : Get Fin24‘s top morning business news and opinions in your inbox.