For those of us of a certain age, if you had said “Protect yourself from cyber attack”, we would have hidden behind the sofa as Doctor Who’s deadliest enemy, the Cyber Men, rampaged across our flickering TV screens.
It wasn’t until later that, as a more critical young man, the emerging lawyer noticed that the silver boots worn by the dreaded Cyber Men were silver-painted Wellington boots and the tubes to their heads were clearly old bits of rubber tubing. You had nothing to fear.
Today we face a different kind of cyber attack, and that is what this post is about.
Scams and cyber threats have become a fact of life across all economic sectors and for individuals.
Solicitors’ firms and private individuals are being targeted with bogus phone calls and emails by scammers attempting to steal money from bank accounts or steal confidential data. Firms of all sizes are vulnerable, as are individuals.
At Paul Darnborough Solicitors we have set up vigorous and thorough policies and protocols to prevent any theft of information or money, and we are always on the alert for scam merchants: the Cyber Men of crime.
These are the kinds of thing you should look out for. Recent telephone scams have concerned impersonation of:
- Bank officials, regarding the security of client accounts.
- Beneficiaries with instructions for change of receiving-bank details for expected payments, for example, in relation to conveyancing or pension payments.
- Fraudsters informing a person they are a beneficiary of a substantial legacy and asking for fees, taxes or bank details in advance of sending more information or the release of funds.
Listed below are some non-exhaustive, common-sense measures that you can adopt to avoid or minimise the risk of successful attacks by fraudsters. They cover both reducing the risk of human error and safeguards to technology.
Everyone needs to be aware of the techniques used by criminals, and that fraudsters adapt their strategies, so advice on prevention can quickly become out of date. You should keep your risk awareness under review and up to date.
Reporting a scam
If you find or suspect you have been the victim of a scam, you should engage with the following organisations without delay in order to limit the damage and bring about the best possible result in rectifying it:
- Your bank: contact your bank immediately if you suspect there has been an unauthorised or suspicious withdrawal from your account. Delays in contacting the bank could lead to further loss of funds and reduce the opportunities to make recoveries.
- Ask your bank’s fraud department to help you contain the losses, secure and protect the account and records, and assist where possible in recovery of funds taken through criminal activity.
- While each bank may react differently and according to the individual circumstances, your bank can be expected immediately to freeze the account to prevent further losses.
- The bank can also be expected to contact the receiving bank without delay to attempt to recover lost money, if the fraudsters have not yet taken it out from the receiving bank account.
- The police: you must inform the police straight away that your account has been compromised. To report the incident and to receive a police crime reference number, contact Action Fraud at the National Fraud and Cyber Crime Reporting Centre on 0300 123 2040, or via the business section of its website.
- For legal practices like ours at Paul Darnborough Solicitors: we would contact our professional indemnity insurer, informing them under the terms of our PII policy of any claims or circumstances that may give rise to a claim. Loss sustained to the account triggers a claim under our PII policy.
- When notifying insurers of the claim, we have to consider our duty of client confidentiality. If the theft was of client money, client confidentiality and legal privilege can only be waived with the express consent of the client. As a precaution, in order to expedite a claim in the event of being scammed, we would have to have the authority of a client to discuss the situation.
- At present, because of the very real risks involved, we at Paul Darnborough Solicitors do not hold client monies.
Always carefully read your bank statements. It is easy for a scammer to set up a small monthly direct debit that just clicks away in the background. Before you know it, hundreds of pounds have been stolen from your bank account.
If you are not sure, ask your bank. Always check what direct debits and standing orders you have on your account.
- Email is not a secure method of transmitting sensitive or personal data. You need to be aware of and alert to scams perpetrated by email.
- Avoid conducting entire transactions via email.
- Where electronic communication is essential, encrypted emails offer a much greater level of security.
- Have a personal email security policy. Always scrutinize email correspondence, especially if it is an unsolicited communication.
- Emails containing or requesting sensitive information, and in particular bank details, should be treated with utmost caution. Consider verifying by telephone to a number already held (ie one not contained within the email in question).
- Be careful of clicking on any link in an email purporting to be from a bank, in case this triggers malware. If in doubt, type the bank’s website address into your browser by hand.
- If you receive an email request purporting to be from a bank that is unexpected or unusual, contact the bank or building society by phone and ask to speak to your firm’s regular contact at the bank.
- If the email looks as though it is from a bank, or even a senior individual within the firm (so-called ‘CEO fraud’), is this exactly the same address from which you have received previous correspondence? Fraudsters often make a very slight change to the email address, such as adding an extra letter or changing the email address from a ‘.co.uk’ to a ‘.com’ address.
- If the email looks suspicious, do not follow any links, open any attachments (as they may contain malware), or respond to the email. A Trojan virus or other malware can be used to hold someone to ransom or to harvest confidential data on the IT system. You may wish to contact your IT service provider to check the authenticity of the email. If in doubt, call the sender on a trusted telephone number to verify the email is genuine.
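The address check described above (an extra letter, or ‘.co.uk’ swapped for ‘.com’) can be automated against the addresses you have genuinely corresponded with. The following is an added example, not part of the original post; the contact addresses, the suffix list and the function names are all constructed for illustration.

```python
# Added example: flag sender addresses that closely imitate a known contact.
# Addresses below are constructed; SUFFIXES is a short illustrative list,
# not a full public-suffix list.
KNOWN_CONTACTS = ["accounts@examplebank.co.uk", "j.smith@example-solicitors.co.uk"]
SUFFIXES = (".co.uk", ".org.uk", ".com", ".net", ".org", ".uk")


def split_domain(domain):
    """Split 'examplebank.co.uk' into ('examplebank', '.co.uk')."""
    for suffix in SUFFIXES:  # multi-part endings are listed before '.uk'
        if domain.endswith(suffix):
            return domain[: -len(suffix)], suffix
    name, _, tld = domain.rpartition(".")
    return name, "." + tld


def edit_distance(a, b):
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(address, known=KNOWN_CONTACTS):
    """Return (verdict, known address it resembles or None)."""
    address = address.strip().lower()
    contacts = [k.lower() for k in known]
    if address in contacts:
        return ("match", address)
    local, _, domain = address.rpartition("@")
    name, suffix = split_domain(domain)
    for contact in contacts:
        k_local, _, k_domain = contact.rpartition("@")
        k_name, _ = split_domain(k_domain)
        if domain == k_domain:
            # Same organisation: only a near-miss mailbox name is suspicious.
            if edit_distance(local, k_local) <= 2:
                return ("altered-mailbox", contact)
        elif name == k_name:
            return ("changed-ending", contact)  # e.g. .co.uk -> .com
        elif edit_distance(name, k_name) <= 2:
            return ("altered-domain", contact)  # e.g. one extra letter
    return ("unknown", None)
```

Very short names can be flagged by coincidence at a distance of two, so treat a flag as a prompt to verify by telephone on a number already held, not as proof of fraud.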
Recent telephone scams have concerned impersonation of:
- bank officials
- ‘advisors’ offering investments for pension monies, and
- fraudsters informing you that you are a beneficiary of a substantial legacy and asking for fees, taxes or bank details in advance of sending more information or the release of funds.
- As with emails, treat with utmost caution any unusual telephone calls purporting to be from a bank or related to your finances. As with all sensitive data, do not give away any details relating to you or your finances.
- Be aware that scammers often try to induce a sense of urgency in their victims, trying to make them think that something bad will happen if action is not taken straight away.
- Be suspicious of any call purporting to be from a bank, the police, other official or company in a position of trust, telling you that something is wrong, that you need to transfer money, or asking for details of bank accounts, including PIN numbers.
- Be aware that knowledge of recent genuine transactions on your account is not a guarantee that the person you are speaking to is actually from your bank. They may have acquired these details through criminal activity (eg hacking emails, malware/cyber theft or even from an insider within your firm).
- Never give out any authentication or account details (including usernames, passwords, or other details that can be used to log into networks or your bank accounts) over the phone (either verbally or by typing into your phone).
- The advice of the majority of banks is that banks will never call you to:
- ask for your bank security information such as your password.
- withdraw or transfer your money from your account to a new account for safekeeping.
- ask to undertake a transaction to protect money held by the firm from fraud.
- There is no such thing as a ‘safe’ account into which your bank would transfer funds to protect your account – your bank would simply disable your account if it is being attacked.
- If you have a phone with a caller display, do not assume that the call is legitimate just because you recognize the number. Criminals abuse caller display technology, which allows callers to pass themselves off as, for example, a bank by displaying the bank’s telephone number. The criminal may ask you to check that the number showing on your telephone display matches the bona fide organisation’s registered telephone number.
- Make sure you take additional steps to verify if you are at all uncertain. Even if you consider a call to be genuine, do not deal with the query there and then. Criminals also exploit telephony technology by keeping a line open for several minutes after you have terminated the call. They make it appear that the call has been disconnected but stay on the line, so that when you call back on what you believe is the genuine telephone number, you speak to one of the criminal gang.
- Take down the details of the call and caller. After you have hung up, wait five minutes to clear the line before calling them back (or contacting anyone else). To be doubly certain that the line has been cleared, you could call another number known to be genuine first, for example the speaking clock on 123. Ring back the alleged caller on a number which you have on file for them, or which you can verify independently.
- Alternatively, use a different phone line (not just a different extension) or a mobile phone to call them back on an independently verified number.
- If you have concerns about a potential scam, report it to the police’s Action Fraud, the national fraud and cyber-crime reporting centre, on 0300 123 2040.
Please do not be too alarmed by this post. You are highly unlikely to be a target for scammers. However, there are some very inventive people who would like to get their hands on your money and hard-earned savings through illegal and immoral means.
You can apply some of our ideas and take real steps to protect yourself in the digital world.
If you have any questions, please do not hesitate to contact our offices at Paul Darnborough Solicitors for further advice and assistance.