
As the business sector continues to implement new strategies to protect against cyber risk, cyber criminals are constantly developing new ways to steal money and confidential information.

A developing trend we are seeing is the bank impersonator strategy, in which cyber criminals call law firm staff directly. In this scenario, the cyber criminal calls the firm purporting to be from the firm’s bank and tries to trick the operator into transferring money to fraudulent bank accounts, or to dupe them into handing over online bank account credentials, allowing the criminal to clear out bank accounts.

In some instances, bank impersonators may also have gained fraudulent access to the firm’s email account and may use information obtained there to support their deception.

Whilst banks do sometimes directly call businesses about banking matters, they will never ask for personal or business online banking login credentials. Banks do not need these to conduct business or transactions at their end, so there is never a need to ask for them. Handing over these details is like handing over the keys to your house to a criminal.

As well as financial institutions, we are also seeing similar impersonations with cyber criminals posing as telecommunications companies, for example the NBN scam.


Risk Management tips

Beware of cyber criminals calling law practices and impersonating their bank to trick staff into providing access to firm online banking login credentials.
Banks may call the firm, but they will never ask for online banking account login credentials including passwords. There is no need for them to do this.
Stay vigilant and review the firm’s staff training and policies and procedures to ensure they properly deal with impersonation scams. Regular and up-to-date training and robust policies and procedures are essential components of any firm’s cyber security strategy.
LPLC has produced a cyber security guide full of practical information to help lawyers be cybersafe. The guide outlines 5 key areas of focus (including staff training and policies and procedures) and explains why each should be included in cybersafe strategies for law practices.


More resources on cyber security

Cyber security guide for lawyers

Cyber awareness — An essential part of workplace training

Call first to avoid cyber fraud

Cyber fraud blink and it's gone

Enable multifactor authentication — a simple thing that could save you
