Another firm falls foul of ‘social engineering’ telephone scam

Print This Post

23 April 2015


Are you sure you know who's on the other end?

Are you sure you know who’s on the other end?

The Solicitors Regulation Authority (SRA) has urged solicitors to be extra vigilant after a north-east conveyancing firm became the latest victim of telephone bank scammers.

The firm lost a significant amount from its account and the crime follows two further serious telephone scams in March this year.

In each case the callers have used a technique known as ‘social engineering’ to gain the confidence of those they call and obtain information to access accounts. They ask for ‘challenge and response’ codes, which are then used to authenticate payments and in some cases digital banking log-in and password credentials. Four firms were targeted in this way in November last year, losing £2m between them.

Robert Loughlin, the SRA’s executive director of operations and quality, said: “We are very concerned about this continuing activity. The fraudsters are highly sophisticated in their approach and their script makes them sound as though they are genuinely who they say they are.

“Solicitors throughout England and Wales are raising this serious issue as one of their major concerns in general discussions with us. We are aware of firms of all sizes receiving calls – this isn’t something that affects just one sector of the profession.

“All firms should ensure that their own internal systems for guarding against scams are up-to-date and that staff know how to implement them.”

The SRA reminded solicitors that banks will never ask for passwords or account related details over the phone. If employees are concerned about the authenticity of a caller, they should terminate the call and make further enquiries.

To validate callers, firms should contact somebody they already know at the bank, using a separate telephone line. There have been examples of the scammers keeping telephone lines open, to intercept an outgoing call.

More information from the SRA can be found here.

Tags: ,



One Response to “Another firm falls foul of ‘social engineering’ telephone scam”

  1. This is in danger of becoming another ‘double whammy’ for the profession. Insurers have already had to pay out significant sums off the back of client firms falling victim to such scams. Please ensure that everyone in your firm is aware of the current fraud risks. Check our advice on (i) Invoice Hijacking (https://www.locktonsolicitors.co.uk/news/fraud-alert-invoice-hijacking.html); and (ii) Vishing (https://www.locktonsolicitors.co.uk/news/fraud-update-fake-law-firms-vishing-on-the-rise.html). Firms that are not alert to these dangers and have suitable controls in place may start to find it more difficult to obtain cover.

  2. Calum MacLean on April 30th, 2015 at 12:29 pm

Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

The skills shortage in law firms is the biggest threat to handling cybercrime

CLC Roundtable discussion at Malmaison Hotel, Charterhouse Square

The skills shortage in our businesses is the biggest threat to our industry when looking at cybercrime. Cybercriminals are not just after money but are looking for sensitive information too, so the legal services sector is an obvious target. In the last year we have had reports of around £7m of client money being lost to such crime. This is not an IT issue and it should not be left to the IT teams to sort out. It is a high-level responsibility and a board-level issue that must be taken seriously. We suspect that we will look back on 2016 and ask why we didn’t respond quicker.

March 21st, 2017