With an increasing number of solicitors using various forms of online/digital banking, it is crucial to be aware of the increase in bogus calls purporting to be from your bank (“Vishing”). Vishing is the term applied when fraudsters attempt to impersonate your bank, over the telephone, to ingather crucial information which allow access to firm and client bank accounts.
Taking a keen interest in the subject as leading cloud providers for law firms, Denovo were present at a recent conference on Vishing, hosted by the Royal Bank of Scotland/Huthwaite. One of the key speakers, a Fraud Team Manager with RBS indicated that both the RBS and Police are aware that the UK legal profession has been identified and is currently being targeted by organised criminal gangs as a soft target for high-value fraud. This is because legal firms regularly move large sums of money electronically.
The fraudsters are using very sophisticated methods to dupe legal firms into thinking they are dealing with their own bank. Advanced telephony/telecoms systems are being used together with clever psychological deception.
Fraud and Law Firms
Typically a fraudster would make some initial calls to find out who within the firm was involved in making large cash transactions. They might pose as a supplier looking for payment or a member of the Bank’s Fraud Team, and would attempt to get as much info as they could – e.g. who the regular bank account manager might be, who within the firm had financial sign-off etc.
Armed with this information, they would contact employees and tell them that the client account had been frozen due to a payment into it from a known Person of Interest. In order to free up the account they would need to input some security information and need the employee to do this.
They would invite the employee to call back and would supply the real bank Fraud Team number – but would keep the phone line open and even play a recording of dial-tone, key codes, number ringing etc before “answering”.
At this stage they would simply ask for the security input that was being displayed to them on another screen trying to connect to the bank account. Once they had this access they would reassure the employee that all was resolved and account would be unfrozen – but all the while they’d be keying in multiple fraudulent payments to a number of temporary accounts previously set up by them.
The RBS then went on to play a REAL audio recording of just such a phone conversation and it was incredibly plausible! Evidently, in one case the fraudsters had successfully paid out two £70,000 transactions but then greedily tried to process a £7M transaction which set off additional security measures and closed the access. Unbelievably this did not deter them and they then contacted the RBS Fraud Team posing as the employee they had just been speaking to and tried to persuade RBS to free up the account and pass the £7M payment!
It’s worth bearing in mind that these people are not “low level” criminals but could in fact be members of sophisticated fraud and terror networks looking for cash to fund drugs, people trafficking or terrorism.
Case Study: Close Call
Interestingly, one of Denovo’s prestigious Edinburgh based clients, using our Outsourced Cashroom Services, notified us just last week of a very similar occurrence. They advised us that they had received a call from someone purporting to be from RBS Bankline. The person asked our client (the Director) for a selection of details from their firm’s bank. They attempted to talk our client through a number of security questions including his User ID, customer number etc. Crucially, our client wisely refused to hand out the details. He then pressed our client for some digits from his PIN number and security password. Again our client refused to hand out the information. Thanks to his quick thinking and armed with the knowledge of how to deal with such situations, the client ensured that the fraudster was unsuccessful on this occasion.
Our advice to solicitors using technology for banking and other financial transactions is:-
- to make sure all staff are aware of these threats and to double-check everything
- never to give out any security or password info via a 3rd person as real bank Fraud Teams would never request this
- never call back on the same line – always go to another phone to do this
- always input web addresses directly – never follow a link sent to you
- never give out bank employee contact names to plausible callers as bank staff would know these
- this highlights one form of attack – there will be many other varieties
- be vigilant – this is not a potential threat, this is real and present and happening to UK legal firms now!
Protect Yourself with Cashroom Cloud
Denovo continually look for innovative ways of keeping your data safe and secure! We develop and use the most secure and robust methods of keeping both your cash room data and client data files completely secure from online threats.
Our Outsourced Cashroom Services provides yet another level of security for firms. Instead of being concerned about in-house cashiers being targeted by potential fraudsters, allow Denovo Cashroom Services to handle all your banking and financial transactions in a highly secure and trusted setting. This not only provides an excellent, expert service but also offers an additional layer of protection as the fraudsters would not attempt to elicit information from our team of experts. We are highly trained to detect fraudulent activity and would only ever discuss matters with our existing clients using trusted, proven and secure methods of communication.
Talk to us About Cloud Services Today
We provide highly experienced and qualified SOLAS cashier services, whilst simultaneously offering robust and reliable protection for your firm from outside/online threats. Call us today on 0141 530 1299 for a free consultation.
Share the post "Protect Against Fraud with Cashroom Cloud for Law Firms in Scotland"