Fraud alerts - 2014

Fraud alert - GoZeuS & CryptoLocker (June 2014)

GoZeuS & CryptoLocker Malicious Software

The National Crime Agency have recommended that businesses take steps by midnight on 17 June to protect their systems from powerful malicious software threats.

The NCA are recommending immediate action and have issued guidelines on how to counter the risk posed by the 'GoZeuS' and 'CryptoLocker' threats.

National Crime Agency update

We recently issued an NCA alert to the legal profession regarding debt recovery of unpaid loans or promissory notes. Please note the following additional names which now feature in cases of the attempted scam:

'Jennifer FISHER' and 'Michael SMITH'

LSS Financial Crime Conference

Places are still available at the LSS Financial Crime Conference on 25 June at the Glasgow Hilton. Speakers from Police Scotland and RBS on cyber crime risks will be joined by speakers from the NCA, HM Treasury, the Society/profession on topics including AML, Financial Sanctions, Mortgage Fraud & SARS.


If you have any questions, please do not hesitate to contact the Society's financial compliance team.

Ian Messer
Director of Financial Compliance
The Law Society of Scotland

Fraud alert - bogus bank calls, advance fees and email scams (May 2014)

There are a number of fraud issues currently affecting solicitors in Scotland. To protect your business and your clients, please read through them carefully and share them with all the solicitors in your firm.

1. Fraudsters gaining access to solicitors' client account/security details

Fraudsters pretending to be from bank fraud or relationship management teams are calling firms attempting to obtain unique account information from you and your staff in order to steal cash. The callers are knowledgeable and persistent and may appear to have the appropriate ID information.

Once you have refused to give out the information, another caller may contact you saying they are from the Relationship Management team or they may ask you to insert your card into the card reader machine for verification and type in the PIN. This is another way in which account information can be obtained and banks will not call asking you to do this.

Remember:
• Passwords/PINs should NOT be disclosed to anyone even if they purport to be a member of the bank's staff.
• If a caller asks you to insert your card/PIN into your card reader machine, you should not do this.
• If calling your bank to check the validity of a call, disconnect the caller and call your bank from another phone.
• Banks do not send emails asking for bank account information. Emails requesting password/PIN information should NOT be answered.
• It is also worth reviewing your IT security generally in light of recent publicity over vulnerabilities in IT security.

2. National Crime Agency fraud alert

The NCA have issued a fraud alert to the legal profession regarding debt recovery of unpaid loans or promissory notes. The details can be found in the full NCA alert.

3. Email scam

We've also had reports from members of emails which appear to come from the website 'Solicitors from Hell.net' with the subject title 'SolicitorsFromHell.net article regarding your firm'.

Members should delete the email without opening it or clicking on any of the links. Anyone who has received such an email can let us know the time and date they received it, and confirm its source and title – but should not forward the email itself.

Those who have opened the email should contact their IT provider for support and alert the Action Fraud police service.

If you have any questions, please do not hesitate to contact the Society's financial compliance team.

Ian Messer
Director of Financial Compliance
The Law Society of Scotland

Fraud alert - bogus bank calls (April 2014)

Fraudster gaining access to solicitors' client account/security details

A firm had funds stolen from its client account after an experienced member of the firm's cashroom/finance staff was persuaded to disclose password/PIN information enabling the fraudster to transfer client funds using the bank's automated bank transfer facility. The password/PIN was disclosed to someone posing as a member of the bank's fraud investigation team who telephoned the firm under the pretext that he was investigating suspicious account activity. His 'cover story' was evidently convincing and the firm's employee complied with the request for details of password/PIN. Transfers of funds were effected overnight and this was only discovered the following day.

Passwords/PINs should NOT be disclosed to anyone even if they purport to be a member of the bank's staff.

Banks do not send emails asking for bank account information. Emails requesting password/PIN information should NOT be answered.

IT Security

It is also worth reviewing your IT security generally in light of recent publicity over vulnerabilities in IT security.

Reporting

You may be aware of other frauds or scams, or had a 'near miss' yourself. Sharing information about frauds and scams will help the profession as a whole guard against exposure to fraud. If you are willing and able to share information for the benefit of the profession as a whole, please click here to contact the Marsh team.

If you have any questions, please do not hesitate to contact the Society's financial compliance team.

Ian Messer
Director of Financial Compliance
The Law Society of Scotland

Fraud alert - cyber fraud & scam emails (March 2014)

Cyber fraud against client account

A Scottish law firm has recently been the victim of a cyber fraud against their client account resulting in a significant loss.

While the exact details of the methodology used by the fraudsters are not yet clear, you are advised to use this email as a prompt to ensure that your business's IT security systems are robust and up to date.

Scam emails from "SRA"

Scottish solicitors are now receiving scam emails which purport to come from the Solicitors Regulation Authority (SRA) and may refer to an investigation of the practice unit. It is understood that these emails contain a virus which could damage and compromise your systems.

You should not open this email. Instead please forward it to law enforcement via the Action Fraud website and the "Report Attempted Scams or Viruses" tab on that screen. If you have opened the email please report this to your IT provider.

The Society would also be interested to know how many of these emails have been received and whether they have been opened, and would be obliged if you could report receipt of such emails to us using the fincomp@lawscot.org.uk email address.

More detail on the format of the emails is available on the SRA website.

Help available

The Scottish Business Resilience Centre (SBRC) offer an on-site Cyber Security Assessment which enables businesses to evaluate the level of protection within their systems infrastructure and provides guidance to resolve issues.

More information on this service is available on the Society's website or by calling the SBRC on 01786 447 441.

The HM Government publication – "Small Business: What you need to know about cyber security" – also provides useful advice on reviewing your IT security and implementing improvements. 

If you have any questions, please do not hesitate to contact us.

Ian Messer
Director of Financial Compliance
The Law Society of Scotland

Fraud alert - bogus bank calls (January 2014)

We have become aware that the fraud methodology outlined in our risk alert in August 2013 continues to be attempted and recently has been successful. Cashroom Managers are advised to urgently bring this alert to all relevant staff including cashroom staff to emphasise that passwords and PINs should not be disclosed to anyone even when they purport to be members of bank staff (relationship management, fraud investigation, etc.) and possibly members of staff that you have dealt with previously. View our August 2013 alert.

 

Please contact me if you have any queries.

Ian Messer
Director of Financial Compliance
The Law Society of Scotland