Skip to main content

Just as you need to protect your firm against scam emails directing payment of trust money to cyber criminals, you need to be proactive in warning clients they might be targeted with fake emails from your firm.

What's on this page?

There are increasing incidents where clients have received scam emails purportedly from their law firm directing payment to a new bank account. Typically, the fraudster became aware of the work the firm was doing for the client after gaining access to either the client or firm's email account.

At the start of every matter, tell your clients:

  • your firm's trust account details are in its engagement letter and will not be changed
  • if the client receives an email from your firm containing changed trust account payment details, they must either visit the firm in person or telephone the firm to verify the position, and not respond to the email
  • only contact the firm via the contact details given in the initial interview and do not reply via the details in the email requesting the change as this could be part of the scam.

Put this information along with trust account details in your firm's standard engagement letter.

LPLC has a sample brochure called Cyber security – how to protect yourself you can use or adapt to give to clients.

Warn clients early and often

A single warning is rarely enough. Cyber criminals rely on clients forgetting earlier instructions when they receive a convincing fraudulent email weeks or months into a matter. For this reason, we recommend building repeated warnings into your standard workflows at every key touchpoint.

Specifically, consider providing a cyberfraud warning:

  • as a stand-alone document included with the first documents sent to the client
  • each time you send an invoice to the client
  • any time you send a request for the forwarding of funds to anyone
  • any time you meet with the client, including your first interview

Repeating the warning at these moments reinforces the message when it matters most and particularly at the point when money is about to move. A short, consistent reminder (even a single sentence) added to invoices and payment requests costs very little but can prevent a devastating loss for your client.

Email footer warnings

We also suggest adding a warning to your firm's standard email signatures along the lines of:

WE TAKE THE RISK OF CYBERFRAUD SERIOUSLY AND SO SHOULD YOU. Hackers have impersonated law firms and requested payment via email using their own account details. It is important you take the extra step to verify any bank account details you receive in an email from our firm by speaking to us before transferring money. Use a search engine to find our website and verify our phone number and call us. Do not reply to any emails asking for payment before verifying its authenticity with us.

The LPLC also provides a selection of ‘Call before you pay email footer’ banners that you can add to your corporate email signature block.

Finally, discuss this important issue with colleagues and other firms, so everyone is aware of the risks.

Watch our short video about warning your clients about cyber security.

More on Technology & Cyber

All Resources
LPLC Articles

Call before you pay: the simplest way to stop email payment fraud

Cyber security 11 Jun 26

Email remains one of the most common pathways for payment redirection fraud, particularly where a cybercriminal gains access to a client or law firm email account and inserts false bank details into an otherwise genuine matter. The most effective practical safeguard is simple: before money is paid, the bank details must be verbally verified using a trusted, independently sourced telephone number.

Learn more
LPLC Articles

Enable multifactor authentication – a simple thing that could save you

Cyber security 11 Jun 26

Multi-factor authentication is one of the most effective ways you can prevent cyber-criminals from gaining access to your firm’s systems and your clients’ confidential information. Multi-factor authentication is readily available, easy to set up and gives you an extra layer of security if your password is stolen (including where it is fraudulently obtained by phishing and social engineering).

Learn more
LPLC Articles

Understanding attack vectors and why law firms are targeted

Cyber security 11 Jun 26

Attack vectors are the specific methods and pathways that cybercriminals use to compromise systems, access networks, and steal data. Rather than relying on technical vulnerabilities alone, modern attackers increasingly exploit the most predictable and accessible entry point: people. This shift means that understanding attack vectors requires understanding both the technical and psychological dimensions of cybersecurity threats.

Learn more
All Resources

Latest News & Alerts

All News & Alerts
News

Joint statement on behalf of the Victorian legal profession on the tragic events at Bondi Beach

Where to get help 15 Dec 25

We are united in our shock and sorrow following the horrific attacks that took place at Bondi Beach yesterday evening.

Our thoughts are with the victims, their families and all those who have been tragically affected by this abhorrent violence. This has particularly impacted the Jewish community of Sydney and across Australia, a community that is an integral and cherished part of our multicultural society.

We stand in solidarity with the Jewish community and all who have been affected by this senseless violence. Everyone has the right to safety, security and freedom from fear.

We condemn these acts of antisemitism, extremism and violence in the strongest possible terms. We reaffirm our commitment to the rule of law, which underpins the safety and security of all in Australia.

We are united in our resolve that such acts of violence and hate will not undermine the values of inclusion and fundamental freedoms, including of religion and other rights, which define our community.

Learn more
News

LPLC Annual Report 2024-2025

17 Nov 25

The LPLC is proud to present the Annual Report for 2024-2025. This high was tabled in the Victorian Parliament on 12th of November 2025.

Learn more
Alert

Alert - Fake Solicitor Websites

Cyber security 15 Aug 25

Cybercriminals are creating fake solicitor websites with domain impersonation.

Learn more
All News & Alerts
TOP