Is your money secure?
You no doubt worked hard last year to position your firm so that it can hopefully benefit from the growth that is beginning to return to the economy. With good management, a large proportion of this top line growth should flow through to the bottom line and bring a smile to the face of partners and staff alike.
It would be a tragedy if this additional profit was stolen. Solicitors are attractive targets for fraudsters due to the high bank account balances held and large transaction value/volume of payments made in the normal course of conducting their business.
Taking some very simple steps can make a real difference to the fraudsters’ success rates. There are external risks and internal risks and we will consider them separately.
The LawSkills Monthly Digest
Subscribe to our comprehensive Monthly Digest for insightful feedback on Wills, Probate, Trusts, Tax and Elderly & Vulnerable client matters
Not complicated to read | Requires no internet searching | Simply an informative pdf emailed to your inbox including practice points & tips
Subscribe now for monthly insightful feedback on key issues.
All for only £98 + VAT per year.
There are three main external threats as follows:-
- Malware – refers to malicious software such as viruses and Trojans. Malware is often hidden in attachments and free downloads. It can capture your keystrokes to see your passwords and then use them to access your online accounts. The fraudster may use the malware to present seemingly genuine online banking log-on screens on your computer and they could then use any passwords that you enter into this screen, to potentially access your accounts.
- Phishing – occurs when fraudsters attempt to obtain your bank details, online banking log-on passwords, or other confidential information by masquerading as the bank or another trustworthy entity in an email. The email will usually link through to a fake website, which looks almost identical to the bank’s legitimate one. A message usually suggests that you need to act urgently, for example to prevent your online access from being blocked.
- Vishing – this is a development on phishing and involves fraudsters telephoning to obtain confidential information from you, usually asking for bank details and online banking passwords. The call often starts with the fraudster advising you that funds held in your account have been, or are about to be stolen. You might be asked to call the bank back using a number from the back of your bank card or bank statement. The fraudster holds the phone line open at their end, so you unknowingly go back to speaking to the fraudster, who continues to mask themselves as the bank. Victims are then told to transfer funds to a ‘safe’ account which has been opened for them. The account will be under the control of the fraudster. The fraudster sounds very convincing on the phone and may make several calls over a period of time to gather information.
There is always the risk that someone inside the firm will see an opportunity to take money if they think that they will be able to get away with it. This has happened in many firms and it can be either an employee or a partner. It has recently been recognised that organised crime gangs are now placing “sleepers” inside the accounts departments of larger firms to help them to steal significant amounts from these firms at a later date.
How do we reduce the risk of being defrauded?
Every firm needs to think about their strategy for avoiding being the victim of a serious fraud on either office or client account. There are however a number of obvious things that ca be done to reduce the risk as follows:-
- If possible, consider having more than one individual required to set up and make each payment. It is clearly far harder for frauds to start and continue if two or more people have to work in tandem;
- Have a designated workstation which is used solely for the purpose of processing bank transactions to the exclusion of web browsing, email and all other activities that could bring malware onto the system. It is even better if these workstations can be firewalled off from the rest of the network or given their own dedicated internet connections;
- Make sure that once the online banking has been completed that you have logged out properly;
- Ensure that all PCs are protected by high quality anti-virus and anti spy-ware software, which is updated regularly and run regular scans to identify and remove malware;
- Help your staff to not be duped into sharing passwords with third parties. Training and awareness of all relevant employees can help to make sure that those individuals who hold the digital keys are aware of the threats and how they operate. A bank would never ask for passwords over the phone or by email; if this happens it is definitely a fraudster.
- When employing someone who will be involved in the payment processes be sure to check out their CV to ensure that you know who you are trusting with your money.
If you want further advice then contact your bank as they too will sleep better if they know that their customers are doing everything possible to reduce the chance of fraud.
FREE monthly newsletter
Wills | Probate | Trusts | Tax | Elderly & Vulnerable Client
- Relevant learning and development opportunities
- News, articles and LawSkills’ services
- Communications which help you find appropriate training in your area