
In the ever-evolving landscape of cybersecurity threats, a recent event has underscored the vulnerability of trust accounts to cyber-attacks and highlighted how even the most diligent professionals can overlook crucial steps, leading to significant financial consequences.

Meet Patrick, a seasoned finance manager tasked with processing payments for a large legal practice. Amidst the daily hustle, Patrick received a follow-up phone call from a client to verify her bank account details in an email she had just sent. Patrick knew the process was to confirm bank account details with a client over the phone and was appreciative that the client had called to verify her account details before she went about her daily errands and would be largely un-contactable.

Without double-checking, Patrick swiftly processed the payment using the bank details provided in the email. Unbeknownst to Patrick, the email containing the bank details was compromised, leading to the funds being diverted to an unauthorised account.

By the time the error was discovered, the law practice had incurred a significant financial loss and had to restore the deficiency in the trust account, damaging its reputation and eroding trust with its client.

The caller, it turned out, was a scammer who had sent the fraudulent email.

Lessons Learned:

  1. Verification Protocol: Implement a rigorous verification process for all payment instructions, especially when received via email or other electronic means, noting that internal emails can be compromised as well. This may include cross-referencing with previously recorded bank details or directly contacting the client through established communication channels.
  2. Two-Factor Authentication: Utilise two-factor authentication or multi-level approval systems for high-value transactions.
  3. Employee Training: Provide comprehensive training to finance teams on fraud awareness and prevention strategies. Ensure staff are trained on any recovery plans, should a breach/loss occur as swift action is paramount. Encourage a culture of scepticism and critical thinking, where employees are empowered to question unusual requests and verify information independently.
  4. Regular Audits: Conduct regular audits of payment processes and controls to identify vulnerabilities and strengthen internal controls. This includes reviewing transaction records, monitoring for unusual patterns, and updating protocols in response to emerging threats.
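As an added illustration (not code from the Law Society article), the verification protocol and multi-level approval rule above expressed as a check a payments system could run before a trust-account payment is released. The threshold, record fields and sample data are assumptions chosen for the example; the point it encodes is Patrick's mistake: an inbound call from "the client" confirms nothing, only an outbound call to the number already on file does.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed threshold for illustration only; a practice would set its own.
HIGH_VALUE_THRESHOLD = 10_000.00


@dataclass
class PayeeRecord:
    """Previously recorded payee details, captured at client onboarding."""
    name: str
    account: str          # bank details already on file
    phone_on_file: str    # established channel, NOT taken from any email


@dataclass
class Instruction:
    """A payment instruction as received (by email, portal, internal email...)."""
    payee: str
    account: str
    amount: float
    channel: str
    # Number the finance team itself dialled to confirm the details, if any.
    # An inbound call, however convincing, is not recorded here.
    outbound_call_number: Optional[str] = None
    approvers: Tuple[str, ...] = ()


def check_payment_instruction(instr: Instruction, record: PayeeRecord) -> Tuple[str, List[str]]:
    """Return ('release', []) or ('hold', [reasons]) for a single instruction."""
    reasons: List[str] = []

    # Rule 1: any change to the recorded bank details must be confirmed by an
    # outbound call to the number on file. No channel is exempt: the article
    # notes internal emails can be compromised as well.
    if instr.account != record.account:
        if instr.outbound_call_number != record.phone_on_file:
            reasons.append(
                f"bank details differ from record for {record.name!r} via {instr.channel} "
                "and were not confirmed by an outbound call to the number on file"
            )

    # Rule 2: high-value payments need two distinct approvers.
    if instr.amount >= HIGH_VALUE_THRESHOLD and len(set(instr.approvers)) < 2:
        reasons.append("high-value payment requires two distinct approvers")

    return ("hold" if reasons else "release", reasons)
```

Routing a 'hold' result to a second person (rather than letting the original handler clear it) is what turns the rule into a multi-level approval.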

In the realm of trust accounts, the consequences of weak oversight can be severe. By learning from past mistakes and implementing robust safeguards, law practices can mitigate the risk of falling victim to fraudulent schemes and safeguard the trust account.

Practitioners who have questions about their trust accounting obligations are encouraged to refer to the Law Society’s webpage, which has resources to help practitioners.

Practitioners who have further queries are encouraged to contact the NSW Law Society’s Trust Account Department on tad@lawsociety.com.au or (02) 9926 0337.