The Law Society’s Trust Department has become aware of recent cyber attacks on law practices.
According to Jim Sofiak, the Law Society’s Chief Trust Account Investigator, one scam involves the hacker sending a text asking about a password reset on a Gmail account. “Just like scams targeting solicitors in relation to a bank, hackers know a certain percentage of the population banks with a certain bank, so they are bound to get some sort of hit rate,” Sofiak said.
The text says that if you did not make such a request, text STOP. “Your first inclination might be to reply ‘Stop’ because you did not request a password change. Do not reply, this is a scam,” Sofiak explained.
He explained how the scam works: once you send the “STOP” text, the hacker responds asking you for the six-digit code you received, supposedly to stop the password change. In fact, the hacker has requested a password reset for your account and is asking you for the code so they can change the password and take control of your email account. Do not reply to the text, as doing so will tell the scammers they have reached a valid number.
In the second scam (and law practices have already been defrauded by this method), the hacker has studied your website and has determined the name of your accounts person and that person’s email address.
They then send an email from either an iPad or mobile phone pretending to be from the principal (whose name is also obtained from the website). The latest example reads: “What’s your account balance? I need you to make some payment today. Kind regards, (name of principal).” Sofiak advised solicitors to share this information with their staff and explain the instructions on how to deal with the threat.
For more information on cyber fraud, see the Law Society’s resources at lawsociety.com.au/scamalert