A law firm in Dublin, Ireland is responsible for the electronic transfer of €97,000 to a group of cybercriminals as part of a bank transfer fraud, as disclosed by a the Law Society of Ireland. The incident was due to an unchecked change in the banking details used by the unnamed law firm. The Law Society of Ireland has communicated its warning to all members to be alert at all times and always review bank details involved in all their transactions to guarantee accuracy of information. Mortgage payment procedures will need to be reviewed in order not to repeat the mistake.
“(In) A mortgage to Pepper Finance (by the law firm), The fee earner received an email from a member of staff in Pepper Finance which included Bank of Ireland account details. The fee earner contacted Pepper Finance to verify these details. After doing so, the fee earner sent an email to the bookkeeper, stating that they had verified the account details, however, this email was intercepted and the bank account details were changed to a fraudulent bank account,” explained the Law Society.
The accountant has not detected any anomaly in the transaction amounting to €97,000, which the Ulster Bank in Ireland has successfully transferred to an unknown recipient. It was already too late to reverse the transaction, as the entire amount was already withdrawn. The law firm is now seeking assistance from the insurance provider in order to recover the lost.
Law Society of Ireland strongly suggests its members that the personnel tasked to transfer the money needs to be careful before hitting the submit button when transferring funds. “It is imperative that the individual transferring the money is the person verifying the account details. The profession is reminded that both external and internal emails have been intercepted and the details amended. It is recommended that, when contacting the sender, obtain his or her phone number through the Law Directory, phone book etc. Do not use the phone number contained within the email,” added the Law Society.
Similar incidents in the past were recorded, but it is only now that it becomes visible in the mainstream, as the theft of funds was to the tune of €97,000, a very big amount for a typical law firm. Identity spoofing is a type of fraud by email in which the sender tries to access personal data by posing as a reputable person or company. These scams can affect any sector, person or organization that operates online.
Pay attention to the following indications:
- Incorrect grammar and spelling or too formal style
- Payment request via bank transfer or instant transfer of funds, keep in mind that we never request any payment by bank transfer or instant.
- Configure the personal profile as private as possible , avoiding that unknown users, completely unrelated to your social circles, access your personal information. Something to consider is when you accept friends, first of all, check the people you know in common, as well as try to find out why I add you or with what purpose if you do not know each other personally.
- Email messages in which you are invited to “click on the following link”.
