Current fraud alerts

Caller from 'Bankline Fraud Department' - 8 September 2017

Police Scotland have been made aware of a recent 'vishing' fraud attack on a law firm where the cashier was contacted by someone claiming to be from 'Bankline Fraud Department'.

These fraudsters tend to target specific types of victims when they have success, and unfortunately law firms appear to be a preferred business area.

Advice from Police Scotland

What is phishing, vishing or smishing?

Any website, online service, phone call or text message that poses as a company or brand you recognise.

Any contact like this is designed to convince you to hand over valuable personal details or your money, or download something that infects your computer.

The three terms are all plays on the word ‘fishing’, in that the fraudsters fish for potential victims by sending emails, social media messages or text messages or making phone calls with urgent messages in the hope of persuading someone to visit the bogus website.

Protect yourself

Don’t assume anyone who’s sent you an email or text message – or has called your phone or left you a voicemail message – is who they say they are.

If a phone call or voicemail, email or text message asks you to make a payment, log in to an online account or offers you a deal, be cautious. Real banks never email you asking for passwords or any other sensitive information, and never ask you to provide them by clicking on a link and visiting a website. If you get a call from someone who claims to be from your bank, don't give away any personal details.

Make sure the spam filter on your email is switched on. If you find a suspicious email, mark it as spam and delete it to keep out similar emails in future.

If in doubt, check it’s genuine by asking the company itself. Never call numbers or follow links provided in suspicious emails; find the official website or customer support number using a separate browser and search engine.

Spot the signs

Their spelling, grammar, graphic design or image quality is poor. They may use odd ‘spe11lings’ or ‘cApiTals’ in the email subject to fool your spam filter.

If they know your email address but not your name, it’ll begin with something like ‘To our valued customer’, or ‘Dear...’ followed by your email address.

The website or email address doesn’t look right; authentic website addresses are usually short and don’t use irrelevant words or phrases. Businesses and organisations don’t use web-based addresses such as Gmail or Yahoo.

Money’s been taken from your account, or there are withdrawals or purchases on your bank statement that you don’t remember making.

How it happens

Phishing, vishing and smishing are done in many different ways. In the end, the aim is always to trick you into thinking you’re giving personal information to, or making payments to, someone you can trust, such as your bank, a government agency or a business or brand name.

The fraudsters will use your details to steal your identity, or simply take the money you’ve paid and break all contact.


You may find a website pretending to be a well-known company, organisation or service. The aim of these websites is to convince you that you’re using a real online service so that you hand over your personal or banking details or send money.


Phishing emails encourage you to visit the bogus websites. They usually come with an important-sounding excuse for you to act on the email, such as telling you your bank details have been compromised, or claim they’re from a business or agency and you’re entitled to a refund, rebate, reward or discount.

The email tells you to follow a link to enter crucial information such as login details, personal information, bank account details or anything else that can be used to defraud you.

Alternatively, the phishing email may try to encourage you to download an attachment. The email claims it’s something useful, such as a coupon to be used for a discount, a form to fill in to claim a tax rebate, or a piece of software to add security to your phone or computer. In reality, it’s a virus that infects your phone or computer with malware, which is designed to steal any personal or banking details you’ve saved or hold your device to ransom to get you to pay a fee.

Social media

Facebook, Twitter and other social media channels are also used to direct you to a spoof website. Fraudsters create accounts that have similar usernames and profile pictures to official accounts to trick you into thinking you’re dealing with someone you can trust.

Official accounts are ‘verified’ – they come with a checkmark icon next to their name, meaning they’ve proved themselves as the official company to the social media channel.


Some fraudsters will call your landline or mobile, pretending to be from your bank, building society, a government agency or someone you do business with. This is known as vishing (voice + fishing).

Alternatively, they’ll send you a text message that asks you to reply with your personal or banking details, or to call or text a premium rate number they have created to run up a large bill. This is called smishing (SMS + fishing).

Attempted fraud by caller claiming to be from RBS - 29 August 2017

A law firm received a telephone call this week from someone claiming to be Jonathan Leslie, Digital Fraud Strategy Relationship Manager from Royal Bank of Scotland in Edinburgh. 

The telephone number which appeared on screen was an authentic RBS number. 'Jonathan' indicated that someone in Ireland was trying to activate the firm's business account. 

Similar calls were received by other staff at the firm and at their other offices.

The real Jonathan Leslie has since confirmed that he had not been trying to contact the firm and also confirmed that his identity was being used for fraudulent purposes. 

Protect yourself

Firms are encouraged to remind all staff of the potential for fraudulent calls purporting to be from banks.

If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Use the number on the back of the bank card or statement in order to contact your bank.

How to report an attempted fraud or scam.

Smishing fraud alert - 27 May 2017

Smishing – the term used for SMS phishing – is an activity which enables criminals to steal victims’ money or identity, or both, as a result of a response to a text message. Smishing uses your mobile phone (either a smartphone or traditional non-internet connected handset) to manipulate innocent people into taking various actions which can lead to being defrauded.

The National Fraud Intelligence Bureau has received information that fraudsters are targeting victims via text message, purporting to be from their credit card provider, stating a transaction has been approved on their credit card.

The text message further asks the recipient to confirm whether the transaction is genuine by replying ‘Y’ for Yes or ‘N’ for No.

Through this method, the fraudster would receive confirmation of the victim’s active telephone number and would be able to engage further by asking for the victim’s credit card details, CVV number (the three digits on the back of your bank card) and/or other personal information.

Protect yourself:

  • Always check the validity of the text message by contacting your credit card provider through the number provided at the back of the card or on the credit card/bank statement.
  • Beware of cold calls purporting to be from banks and/or credit card providers.
  • If the phone call from the bank seems suspicious, hang up the phone and wait for 10 minutes before calling the bank back. Again, refer to the number at the back of the card or on the bank statement in order to contact your bank.
  • If you have been a victim of fraud or cyber crime, please report it to Action Fraud at or alternatively by calling 0300 123 2040

Increasing fraudulent bank calls to law firms - 23 May 2017

Over the last week, we have been receiving multiple calls or emails every day about attempted fraud attacks on client accounts. The callers claim to be from bank fraud teams and sometimes appear to be knowledgeable about bank processes and recent firm transactions.

A caller referring to themselves as 'Stephen at the bank' has called several firms asking for details of payments and has also attempted to access client accounts for solicitors.

Firms are encouraged to remind all staff of the potential for fraudulent calls purporting to be from banks.

Passwords/PINs should NOT be disclosed to anyone, even if they purport to be a member of the bank's staff.

Banks do not send emails asking for bank account information. Emails requesting password/PIN information should NOT be answered.

How to report an attempted fraud or scam.

Scammers using WannaCry attack to lure victims - 23 May 2017

Action Fraud has received the first reports of Tech-Support scammers claiming to be from Microsoft who are taking advantage of the global WannaCry ransomware attack.

One victim fell for the scam after calling a ‘help’ number advertised on a pop-up window. The window, which wouldn’t close, said the victim had been affected by WannaCry ransomware.

The victim granted the fraudsters remote access to their PC after being convinced there wasn’t sufficient anti-virus protection. The fraudsters then installed the Windows Malicious Software Removal Tool, which is actually free, and took £320 as payment.

It is important to remember that Microsoft’s error and warning messages on your PC will never include a phone number.

Additionally, Microsoft will never proactively reach out to you to provide unsolicited PC or technical support. Any communication they have with you must be initiated by you.

How to protect yourself

  • Don't call numbers from pop-up messages.
  • Never allow remote access to your computer.
  • Always be wary of unsolicited calls. If you’re unsure of a caller’s identity, hang up.
  • Never divulge passwords or PIN numbers.
  • Microsoft or someone on their behalf will never call you.

If you believe you have already been a victim

  • Get your computer checked for any additional programmes or software that may have been installed.
  • Contact your bank to stop any further payments being taken.

Report fraud and cyber crime to

Fraudsters target conveyancing firms on busy days - 19 May 2017

The Lloyds Banking Group Professional Practices team has warned conveyancing firms to be aware of fraudsters targeting them at busy times for completions.

Conveyancing firms are always going to be at their busiest on a Friday with people wanting to move in just before the weekend, and when there’s a bank holiday due it only increases the demand for completions. Firms are under pressure to work quickly on these days and fraudsters of course know this.

Paul McCluskey, UK Head of Professional Practices for Lloyds Banking Group, SME Banking, says: “We’ve seen fraudsters target conveyancing firms with a number of different scams on these really busy days and if they manage to catch a firm’s employee off guard, the financial and reputational damage caused can be severe, due to the significant amount of client funds they hold. With the spring bank holiday approaching at the end of May, we recommend that all firms remind their employees about how to spot the common scams.”

More information on current scams and guidance is available in the Lloyds Banking Group Heightened Fraud Threat Alert.

WannaCry ransomware cyber attacks - 17 May 2017

Following the WannaCry attacks on Friday 12 May 2017, the Scottish Business Resilience Centre (SBRC) has published useful guidance for businesses:

The City of London Police’s National Fraud Intelligence Bureau has also issued an alert urging both individuals and businesses to follow protection advice immediately and in the coming days.

Ransomware is a form of malicious software (malware) that enables cyber criminals to remotely lock down files on your computer or mobile device. Criminals will use ransomware to extort money from you (a ransom) before they restore access to your files. There are many ways that ransomware can infect your device, whether it be a link to a malicious website in an unsolicited email, or through a security vulnerability in a piece of software you use.

Key messages for businesses to protect themselves from ransomware:

  • Install system and application updates on all devices as soon as they become available.
  • Install anti-virus software on all devices and keep it updated.
  • Create regular backups of your important files to a device that isn’t left connected to your network as any malware infection could spread to that too.

The National Cyber Security Centre’s technical guidance includes specific software patches to use that will prevent uninfected computers on your network from becoming infected with the “WannaCry” ransomware:

For additional in-depth technical guidance on how to protect your organisation from ransomware, details can be found here:

Advice for individuals:

  • Install system and application updates on all devices as soon as they become available.
  • Install anti-virus software on all devices and keep it updated.
  • Create regular backups of your important files to a device (such as an external hard drive or memory stick) that isn’t left connected to your computer as any malware infection could spread to that too.
  • Only install apps from official app stores, such as Google’s Play Store or Apple’s App Store, as they offer better levels of protection than some third-party stores. Jailbreaking, rooting, or disabling any of the default security features of your device will make it more susceptible to malware infections.


Fraudsters may exploit this high-profile incident and use it as part of phishing/smishing campaigns. We urge people to be cautious if they receive any unsolicited communications from the NHS. The protection advice for that is as follows:

  • An email address can be spoofed. Don’t open attachments or click on the links within any unsolicited emails you receive, and never respond to emails that ask for your personal or financial details. 
  • The sender’s name and number in a text message can be spoofed, so even if the message appears to be from an organisation you know of, you should still exercise caution, particularly if the texts are asking you to click on a link or call a number.

Don’t disclose your personal or financial details during a cold call, and remember that the police and banks will never ring you and ask you to verify your PIN, withdraw your cash, or transfer your money to another “safe” account.

If you have been a victim of fraud or cyber crime, please report it to Action Fraud at

'Law abiding citizen' and other phishing emails - 6 April 2017

The National Fraud Intelligence Bureau has issued an alert which explains how fraudsters are deploying banking trojans to unsuspecting victims in order to compromise their banking credentials and passwords.

The fraudster claims in the email to be a ‘law-abiding citizen’ notifying the individual that their information has been breached. They attach a file containing the ‘leaked’ information for the victim to see what has been exposed. The attachment is a ‘.dot’ file, usually titled with the email recipient’s name, which contains a banking trojan.

You should never open an attachment in any email that you are suspicious about.

An example of the email text can be found below:

[Image: example of the ‘Law abiding citizen’ email]


In addition, law firms have been reporting a number of fraudulent emails.

For example, a cash room partner will get an email, apparently from a partner, but on closer enquiry it comes from a very dubious-looking email address. The emailer asks for an urgent payment and eventually provides some bank details, hoping to con the firm into sending a payment.

Please be vigilant for suspicious emails and ensure that all staff are aware of the threats posed by email scams.

How to report an attempted fraud or scam.

Return of fraudulent bank calls to law firms - 17 February 2017

A law firm based in Inverness has received calls from a ‘Brian Johnston’ claiming to be from the ‘Bankline Fraud team’. He called about a ‘£5000 fraudulent transaction’ on the firm’s account. We understand that another firm in the area has received similar calls recently, which are not from the relevant bank. The attempted fraud may not be limited to the Inverness area, however.

Firms are encouraged to remind all staff of the potential for fraudulent calls purporting to be from banks.

Passwords/PINs should NOT be disclosed to anyone, even if they purport to be a member of the bank's staff.

Banks do not send emails asking for bank account information. Emails requesting password/PIN information should NOT be answered.

How to report an attempted fraud or scam.

Email phishing attempt at Scottish law firm - 16 February 2017

We’ve been made aware that Scottish law firms have recently been targeted by a new email scam.

Fraudsters have made contact with solicitors, initially with enquiries for assistance with a property purchase or transfer of ownership. However, when the solicitor has replied asking for more information, the scam emails have directed the solicitor to a ‘secure’ Adobe Acrobat document via a web link provided.

This link reportedly takes the user to a website made to look like a secure cloud store, but which isn’t SSL protected, and asks for an email address and password. As there is no password provided in the email, it’s suspected that the scammers hope that an individual would enter their office email address and password allowing the scammers to access the user’s emails.

To report suspected fraud and cybercrime, call ActionFraud on 0300 123 2040 or visit

The Society is interested in being made aware of email scams (and other similar issues) which are sent to our members so we can alert the profession. Contact us at