Cyber security — how to protect yourself — Client Brochure

LPLC is continuing to see claims resulting from cyber fraud where clients have transferred money to the wrong bank account based on emails they thought were from their lawyer.

Typically, the law firm sends an email requesting funds with bank account details. Afterwards the client then receives another email, purporting to be from the law firm, with different account details. The client is unaware the second email is fraudulent and pays the money to the fraudulent account. In most instances the funds cannot be recovered.

To help protect your clients’ money against cyber fraud, it is important to provide clear verbal and written warnings to your clients about cyber risks from the start of the retainer.

In addition to verbally raising the risks, also include warnings in your retainer and initial communications with clients.

This client brochure warns about the risks of cyber-crime and details steps which clients should take to protect themselves against potential loss.

Law firms and their clients are targets for cyber-criminals and cyber fraud. Cyber-criminals are experts at intercepting and modifying emails containing sensitive information including bank account details to try and divert your money to their bank account.

Often, there is no indication that an email has been compromised, as it will appear to be from a legitimate email address. Once funds are diverted, there is generally no or limited recovery through the banks.

Here are some precautionary steps you must take to protect yourself against cyber-crime and potential loss. We will also take steps to prevent the loss of funds.

What you must do

• Never rely on or trust emails from our law firm providing bank account details. Treat all emails and electronic documents, including PDF documents with suspicion, as if they may have come from a cyber-criminal or not legitimately sent by us.
• If you receive an email containing bank account details and requesting payment, you must call or physically see a known contact at the firm to verify the authenticity of the email and ask them to verbally confirm the correct bank account details.
• When calling us to verbally verify bank account details, do not use contact details from an email, even if it looks like the email came from our office. Always use a known telephone number or independently search our website.
• Never transfer money without first verbally verifying bank account details with us by phone or in person.

What we will do

• We will tell you at the start of our work together what our payment details are and not change those details unless we speak to you verbally first. We will not notify you of a change to bank account details by email only.

• We will call you to verify bank account details you send to us by email on a known telephone number that we will ask you to provide at the start of our work together.