Another firm falls foul of ‘social engineering’ telephone scam
Are you sure you know who’s on the other end?
The Solicitors Regulation Authority (SRA) has urged solicitors to be extra vigilant after a north-east conveyancing firm became the latest victim of telephone bank scammers.
The firm lost a significant amount from its account and the crime follows two further serious telephone scams in March this year.
In each case the callers have used a technique known as ‘social engineering’ to gain the confidence of those they call and obtain information to access accounts. They ask for ‘challenge and response’ codes, which are then used to authenticate payments and in some cases digital banking log-in and password credentials. Four firms were targeted in this way in November last year, losing £2m between them.
Robert Loughlin, the SRA’s executive director of operations and quality, said: “We are very concerned about this continuing activity. The fraudsters are highly sophisticated in their approach and their script makes them sound as though they are genuinely who they say they are.
“Solicitors throughout England and Wales are raising this serious issue as one of their major concerns in general discussions with us. We are aware of firms of all sizes receiving calls – this isn’t something that affects just one sector of the profession.
“All firms should ensure that their own internal systems for guarding against scams are up-to-date and that staff know how to implement them.”
The SRA reminded solicitors that banks will never ask for passwords or account related details over the phone. If employees are concerned about the authenticity of a caller, they should terminate the call and make further enquiries.
To validate callers, firms should contact somebody they already know at the bank, using a separate telephone line. There have been examples of the scammers keeping telephone lines open, to intercept an outgoing call.
More information from the SRA can be found here.
Tags: fraud, Solicitors Regulation Authority
Leave a comment
* Denotes required field