The LSRA is aware that cyberattacks are increasing in both number and sophistication. Solicitors and their clients are among those targeted by online criminals through fraudulent emails that impersonate solicitors’ firms. These emails often advise the client that the solicitor has recently changed their bank account and direct the client to lodge money to the new account. This method has been used to defraud clients of significant sums of money.
Clients of solicitors should be aware that solicitors rarely change their banking details. If you receive a notice from the firm that they have done so, you should contact them directly either in person or by phone (not by email) to confirm that this is, indeed, the case. Solicitors should advise their clients of their bank account details and tell them that any changes to those details will never be communicated via email.
The LSRA is also aware of instances where solicitors’ computer systems have been hacked, with cyber criminals then in a position to monitor the solicitors’ internal emails, and, at the appropriate time, amend payment details on emails passing between colleagues in the firm.
Where necessary, solicitors should confirm all bank details over the phone both with clients and other employees. Any discrepancy should raise a red flag that should be checked immediately by phone or in person.
The LSRA is emphasising the need for sensible, cautious behaviour, good clear communication and, for solicitors’ firms, the importance of regular training for all staff.