Law firm duped out of €97,000 in cyber scam

STOCK IMAGE Dominic Lipinski/PA Wire

Shane Phelan

A law firm transferred €97,000 to cyber criminals after its email system was hacked.

The fraud occurred after an email sent by a solicitor to the firm's bookkeeper, containing instructions for the making of a payment, was intercepted and bank account details were changed.

Details of the attack were revealed by the Law Society, which warned members to take precautions before transferring money.

It comes just weeks after a report by professional services firm Smith & Williamson revealed more than 60pc of the country's leading law firms had been subject to a cyber attack in the past year.

The firm at the centre of the latest case has not been identified, but the Law Society said the practice reported being subjected to two cyber attacks in the space of a week.

Both attacks requested that a solicitor transfer money to fraudulent bank accounts.

In the first case, the practice was redeeming a mortgage, with the money payable to a fund. The email received requested the money be sent to a bank account in Turkey and gave the name of the account as "Bitcoin Concept".

This was identified as a fraud and the practice did not act on the email. Enquiries were made to determine the correct bank account details before the money was transferred.

However, a second attack by cyber criminals proved successful. The firm was acting to redeem a mortgage for Pepper Finance and received an email from a Pepper staff member which included Bank of Ireland account details.

The solicitor involved took steps to verify the details before sending an email to the firm's bookkeeper.

However, this email was intercepted and the bank account details were changed to a fraudulent bank account at an Ulster Bank branch.

The transfer was made and the money was withdrawn from the account by the cyber criminals.

While the money was taken, the law firm has been advised by its insurer that the loss is covered by its cybercrime insurance policy.

In a statement, the Law Society said it had been made aware of a small number of similar attacks, but exact statistics were not available.

It said it had developed a range of measures to help solicitors identify and prevent breaches of cyber security in their firms, including online resources with advice and guidance.

It has developed an online form so solicitors can report any cybercrime they may have fallen victim to. Details of scams can then be communicated to other solicitors.

"This is one way of ensuring that the profession is aware of all types and methods of attacks to help them protect their firms from similar attacks," the statement said.

Advice to solicitors includes that bank account details be sent by letter or fax.

If bank details are received by email, it is imperative the person making the transfer verifies the account details.

The Law Society has also advised solicitors who identify a fraudulent email to change their passwords immediately and ensure their system is checked for malware.