Phone scams hit solicitors, with four firms losing £2m

Print This Post

3 December 2014


Scam: call back on a mobile line

Four law firms have recently lost £2m from their client accounts after falling victim to scammers who tricked them into disclosing bank security information over the telephone, the Solicitors Regulation Authority has warned.

The regulator said the fraudsters gain the confidence of those they call – known as “social engineering” – to obtain important information and access account funds.

Specifically, they ask for ‘challenge and response’ codes, which are used to authenticate payments and in some cases digital banking log on and password credentials.

The SRA said that banks will never ask for passwords or response codes over the telephone.

Robert Loughlin, SRA executive director of operations, said: “These scammers are very active and convincing. They are highly sophisticated in their approach and therefore very capable of duping many people.”

Banks suggest that firms independently validate callers by contacting somebody they already know at the bank, preferably using a separate telephone line, for example a mobile line, as there have been examples of scammers keeping the line open to intercept any follow-on call to check – so-called vishing.

The news comes as Financial Fraud Action UK reported that consumers who fell victim to vishing lost at least £24m to fraudsters in the last year, more than treble the amount in the previous 12 months, with 58% of people saying they had received suspect calls over the same time.

Banks, building societies, card companies and the police have joined forces to highlight the problem, with a national advertising campaign planned to tell consumers what to look out for.

Other variations of the vishing fraud, as highlighted earlier this year by NatWest and RBS, include ultimately persuading customers to transfer money to a new bank account that has been opened so as to protect them from alleged fraudulent transactions.

Tags: , ,



Leave a comment

* Denotes required field

All comments will be moderated before posting. Please see our Terms and Conditions

Legal Futures Blog

GDPR and the rise of ‘datanapping’ – the new threat to the pockets of law firms

Nigel Wright

You’ve heard about ransomware – a hacker infiltrates your IT systems, locking them down until you pay a ransom. Some studies now estimate that over 50% of businesses have experienced this type of attack in the last year, and it’s particularly prevalent within the legal sector. Previously, firms could protect themselves by having a solid disaster recovery plan in place to ensure they can get back up and running in the event of a disruption. However, the General Data Protection Regulation (GDPR) – the new EU-wide regime which comes in effect on 25 May 2018, irrespective of Brexit – means that this approach alone is no longer adequate and security measures must be strengthened to prevent attacks.

April 21st, 2017