Protecting your firm from false billing scams


By now you probably know someone, or a firm, that has been impacted by fraud or scams. In Australia, businesses reported more than 5800 scams with losses exceeding $7.2 million in 2018, and a large portion of this relates to business email compromise. Small businesses with fewer than 20 staff were most likely to be targeted by scammers and accounted for more than 75 per cent of reports to the ACCC.

The most sophisticated scams (and the most costly) we see at law firms are false billing scams.

In a false billing scam, the scammer asks you or your business to pay fake invoices for products or services that you did not order, or asks you to change the bank details for a legitimate transaction. This includes cases where the attacker has compromised a client's or supplier's email account and sends what looks like a legitimate email from that account, requesting that you change the bank account details on an invoice or for a settlement. In these cases, multiple emails may be exchanged with the scammer, who will typically give a number of seemingly reasonable reasons why they need to change their bank account details.

We have outlined a number of steps to help protect your firm.

How to protect your firm

  • Regularly train users on how to identify scam emails or phishing attempts. In a lot of cases the emails have originated from the legitimate email account of the client, so they are not detected as spam by most email filtering software. Users should treat any unexpected message with caution.
  • Have a policy in place for when a client or supplier requests a change of bank account details. This should include what verification steps are required (we recommend at least written instructions and phone verification).
  • Always check that goods or services were both ordered and delivered before paying an invoice.
  • Limit the number of people in your business who are authorised to make orders or pay invoices.
  • If you receive an invoice and the usual bank account details have changed, call the supplier to confirm.
  • Add a disclaimer to all external emails advising clients that bank account details need to be provided in writing and that you may perform phone verification before transferring any funds.
  • Follow best practice security principles regarding installing patches, antivirus, passwords and backups.
  • Have an incident response plan which includes a set of written instructions for responding to and limiting the effects of a cyber-security incident.
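As an added example (not code from the original post), the checks above expressed as a single pre-payment control: an invoice is held whenever its bank details differ from the supplier record without both a written instruction and phone verification, when no purchase order or delivery is recorded, or when the requester is not on the authorised list. The supplier names, BSB and account numbers, and the approver list are all assumed sample values.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

@dataclass
class Supplier:              # master record: the bank details already on file
    name: str
    bsb: str
    account: str

@dataclass
class Invoice:               # incoming invoice plus the evidence gathered before payment
    supplier: str
    bsb: str
    account: str
    purchase_order: Optional[str]      # None when nothing was ordered
    delivered: bool                    # goods or services confirmed as received
    requested_by: str                  # staff member asking for the payment
    written_instruction: bool = False  # change of bank details received in writing
    phone_verified: bool = False       # change confirmed by calling a known number

def payment_holds(inv: Invoice, suppliers: Dict[str, Supplier], authorised: Set[str]) -> List[str]:
    """Return every reason the payment must be held; an empty list means it may proceed."""
    holds: List[str] = []
    master = suppliers.get(inv.supplier)
    if master is None:
        holds.append("supplier not on master list")
    elif (inv.bsb, inv.account) != (master.bsb, master.account):
        # Details differ from the record: both verification steps are required before paying.
        if not inv.written_instruction:
            holds.append("bank details changed without written instruction")
        if not inv.phone_verified:
            holds.append("bank details changed without phone verification")
    if inv.purchase_order is None:
        holds.append("no purchase order on file")
    if not inv.delivered:
        holds.append("delivery not confirmed")
    if inv.requested_by not in authorised:
        holds.append("requester not authorised to pay invoices")
    return holds

# Constructed sample data; the supplier, BSB and account numbers are invented.
SUPPLIERS = {"Acme Stationery": Supplier("Acme Stationery", "012-345", "12345678")}
AUTHORISED = {"finance.manager", "practice.manager"}
SAMPLE_INVOICES = [
    Invoice("Acme Stationery", "012-345", "12345678", "PO-1001", True, "finance.manager"),
    # "New" account emailed with a plausible story, but only the written step was done.
    Invoice("Acme Stationery", "999-999", "87654321", "PO-1002", True, "finance.manager",
            written_instruction=True),
    # Nothing ordered or delivered, and raised by someone outside the approver list.
    Invoice("Acme Stationery", "012-345", "12345678", None, False, "new.clerk"),
]
```

Running `payment_holds` over each sample invoice returns an empty list for the first and the specific hold reasons for the other two, which is what a finance workflow would surface to the person doing the phone call.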

Additional Information

There is a wealth of information online about protecting your law firm from false billing scams, and some of the best resources are included below:



Let's work together

Contact the team at ServiceScaler today for a free and confidential discussion