risk-management.php

Cyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it.


DON’T FALL FOR IT!

Be suspicious of email instructions.

Cyber fraudsters will get in any way they can. Make sure it’s not through you.

Five steps to protect yourself.

Identify – Don’t accept email requests on face value. The email asking you to re-direct money might look genuine, but it could have been sent by a hacker.

Verify – Call the sender personally to check authenticity. Use a number you know, not one suggested in the email. Ask for the account number, write it down, then compare with the email.

Note – Make a file note that you made the call and confirmed the payment instructions, so you can prove it.

Warn – Tell the client they might also be targeted with fake emails from you and not to act on email payment directions without calling to check. Put this in your engagement letters.

Double-check – Involve a second person in the process and don’t action payment requests without proof that steps 2 and 3 have happened.

If you suspect funds have been stolen, stop payment at the bank immediately.


Download the poster below. Please put it up in your office kitchen to make sure everyone in the team knows what to do.

CLICK TO DOWNLOAD THE POSTER

 

Ican happen to you

No firm is immune from cyber-criminals and their fake emails. We are seeing an increase in attempts to steal money by hackers masquerading as either the client or the lawyer in fake emails. Below is a summary of two of our recent notifications.

The law firm duped

The firm acted for the vendors of a regional property sold for $295,000 with final settlement due in October.

Shortly before settlement, the firm emailed the client confirming payout details and requesting the client’s bank account details.

The client received the email and responded but the firm did not receive that response. Instead they received an email, purportedly from the client but actually from a hacker, setting out details of the account into which the net settlement proceeds should be paid.

Settlement occurred three days later and $110,000 was paid to the hacker’s bank account a further six days after that.

The following day the client phoned the firm to ask whether the property had settled and when they would receive the proceeds. On realising the earlier ‘email instructions’ were fraudulent, the principal’s secretary swiftly contacted the firm’s paying bank as well as the receiving bank into which the funds had been deposited. Fortunately, most of the money was still in the account and was able to be frozen by the bank and recovered. However, a claim was made against the firm for the small shortfall on the basis of a breach of trust in paying settlement money to an account the client had not authorised.

The client duped

The law firm acted for a purchaser of residential property. Their trust account details were provided in the initial engagement letter.

During the matter the client began receiving emails purporting to be from the firm but which were actually from a hacker. The client was asked to deposit $75,000 into the firm’s trust account and helpfully the email included the bank account details. The client responded to the email querying whether the account details were correct as they were different from the details previously provided. The hacker confirmed the new details to be correct and the funds were transferred to the new account and immediately transferred off shore.

The client had to find an additional $75,000 to settle.


For more information about cyber security click here.


1 April 2018

Conveyancing claims on the rise

What risk management practices are you doing to avoid a conveyancing claim? In 2016/17 LPLC received 127 conveyancing claims and notifications which represented approximately 30 per cent of all claims and notifications received that year. The cost is currently estimated to be in excess of $10 million. This represents an increase in both the number […]

More
27 March 2018

In Check Issue 78 | March 2018

Cyber fraud – it can happen to you No firm is immune from cyber-criminals and their fake emails. We are seeing an increase in attempts to steal money by hackers masquerading as either the client or the lawyer in fake emails. Below is a summary of two of our recent notifications. The law firm duped […]

More
1 March 2018

Will it be right?

Mistakes in the preparation of wills can be avoided with careful proofreading. In the 2016-17 policy year, wills and estates claims accounted for 11.7 per cent of the total cost of claims and 8.4 per cent of the total number. In the previous 10-year period, these figures were 6.8 per cent and 3.2 per cent […]

More
6 February 2018

Deputy takes the helm

The Legal Practitioners’ Liability Committee welcomes its new CEO. Justin Toohey took over as CEO of the LPLC on 1 January following the retirement of Miranda Milne, who had held the role since 1996. Previously deputy CEO and head of claims since 2005, he is committed to strengthening LPLC’s relationships with all its stakeholders. “I […]

More
1 February 2018

Use counsel wisely

Think about your approach to accepting work and briefing counsel. LPLC receives claims that can be attributed to practitioners’ over-reliance on, or poor briefing of, a barrister. In some instances, the practitioner acts outside their area of expertise and thinks they can just brief a barrister. In others, they fail to adopt a proactive approach […]

More
29 June 2017

Cyber security breach – claims caused by fake client email

It is no longer safe practice to transfer money to a client’s account based only on email instructions from your client. Always verify email instructions from a client, especially if it involves handling money, by confirming the details orally with the client. LPLC has received four notifications in the last two years, one only last […]

More
6 November 2016

CGT withholding payments – practical examples

Updated July 2017 Introduction This bulletin contains practical examples of how the withholding requirements, which commenced 1 July 2016 and were amended with effect from 1 July 2017, work. For more general information about the new regime please refer to the following two LPLC bulletins: 1 July 2017 amended CGT withholding payments for real property […]

More
19 October 2016

Cyber security cautionary tale

Introduction Cyber security needs to be at the forefront of everyone’s mind, whether you are in a small firm or a large firm. The recent experience of a Victorian law firm is a good example of how easy it is to be caught out. The realistic email A principal of one of our insured firms […]

More
6 July 2016

Amended CGT withholding payments for options, company title interests and indirect Australian real property transactions

Updated July 2017 Introduction This bulletin contains information on the withholding requirements which commenced on 1 July 2016 as amended in June 2017 by the Treasury Laws Amendment (Foreign Resident Capital Gains Withholding Payments) Act 2017 (Cwlth). This bulletin focuses on: options and rights to acquire company title interests indirect Australian real property interests. You […]

More
2 June 2016

1 July 2017 amended CGT withholding payments for real property sales

Updated July 2017 Key points Amended withholding requirements for contracts of sale of real estate worth $750,000 or more from 1 July 2017. All purchasers of such real estate must register to withhold 12.5 per cent for acquisitions from 1 July 2017 (previously 10 per cent) unless they are given a clearance certificate by the […]

More
20 April 2018

Communicate better with colleagues to close the cracks

Tasks fall between the cracks when practitioners fail to communicate proactively and effectively with colleagues. In one claim, the firm was retained by a lender to prepare a loan agreement and lodge caveats over several properties owned by the borrower. The following year, the borrower asked a consultant at the firm to arrange for the […]

More
13 April 2018

A risk to avoid in the TFM list

Failing to comply with paragraph 7.2 of the Testator Family Maintenance List Practice Note SC CL 7 could expose you to a cost order. The Supreme Court issued a notice on 11 December 2017 informing practitioners that as of 1 March 2018 they were expected to comply with paragraph 7.2 by 2pm on the Friday […]

More
23 March 2018

Confirm currency of money sent overseas

Sending money overseas is a common action for law practices today and we receive claims when the money is sent in the wrong currency. In our experience, the banks routinely convert the funds into the receiving country’s currency before sending it unless clearly instructed otherwise. In one claim the practitioner had given oral instructions to […]

More
16 March 2018

Change to migration agent registration and risks to consider

Practitioners may no longer be required to be registered as migration agents from 1 July 2018 under proposed changes. According to Dr. Lydia Wells from Murdoch University, these ‘…upcoming changes to the registration regime will bring opportunities for lawyers to enter this practice area…’. In her article No longer a ‘migration agent,’ in the October […]

More
9 March 2018

Warn clients to verify emails containing payment details

Could your clients be receiving fake emails from you? Much has been written recently about the need to speak to clients to authenticate email instructions about transferring money to client accounts. But if the client receives a fake email from your firm directing them to pay money into a bank account of the fraudster, will […]

More
18 December 2017

Key Risk Checklist: Electronic property transactions – office management

Electronic property transactions – office management checklist Office policy content Below is a list of issues to consider when writing your office policy and recommended responses. ☐  Who will hold a digital signature? The digital signature is embedded in a USB. Preferably only partners have digital signatures. ☐  How a digital signature’s USB and pin […]

More
18 December 2017

Key Risk Checklist: Electronic property transactions

Electronic property transactions – matter checklist ☐  Is there an electronic transaction clause in the contract? ☐  Discussed with the client whether the conveyance can be done electronically or on paper. – Land Use Victoria has announced that all transaction will be electronic by August 2019. ☐  Client told consequences of conducting electronically. Any paper […]

More
12 December 2017

Key Risk Checklist: Solicitor’s certificates for borrowers or surety providers

Updated: December 2017 Solicitor’s certificates for borrowers or surety providers ☐  Allocate only one person in the office to give solicitor’s certificates. ☐  Confine the provision of a solicitor’s certificate to existing clients. ☐  Where the client receives the security documents before you, request they send you the documents well in advance of your meeting […]

More
20 November 2017

Key Risk Checklist: File transfer from another firm

  Client intake Comment or detail Complete the client intake checklist to establish if you should act for this client in this matter at this time (click here). Immediate file review  Comment or detail Conduct an immediate file review to determine: critical dates and relevant time limits outstanding issues next steps. Internal procedure  Comment or […]

More
16 August 2017

Key Risk Checklist – Conveyancing resources

    LPLC Resources Comments Checklists: Sale of land – questions for the vendor Purchase of land – questions for the purchaser Property websites and comments Tax issues GST LPLC Face to face verification of identity checklist LPLC has posted numerous blogs about property law issues. Our blogs can be searched by area of law. Subscribe […]

More
5 February 2018

Pitfalls in personal injury litigation

Personal injury litigation Clients seek out litigation lawyers only when something has gone wrong. In the personal injury arena, they have the added difficulty of dealing with a physical or mental impairment and its consequences. This means the relationship is going to be challenging from the start. It can be made even more difficult if […]

More
24 January 2018

A guide for executors

18 frequently asked questions about being an executor. This booklet provides a guide, in question and answer format, for executors about their role, their obligations and what is involved in managing and finalising an estate in Victoria. For more information executors should contact their legal practitioner. 1 Who is an executor? An executor is a […]

More
24 January 2018

A guide for beneficiaries

20 frequently asked questions about being a beneficiary This booklet provides a guide, in question and answer format, for beneficiaries about what is means to be a beneficiary, what is required of them and what is involved in managing and finalising an estate in Victoria. For more information beneficiaries should contact their legal practitioner. 1 […]

More
6 November 2017

Looking after leases

Introduction Looking after leases contains details of claims, relevant cases and legislation affecting retail leases. It is designed to raise your awareness of common problems in commercial and retail lease transactions, and help you protect your practice against claims. Residential leases, crown leases, caravan park site agreements and retirement village agreements are outside the scope of […]

More
26 September 2017

Small business big risk

Introduction Since LPLC published the first edition of Small business – big risk there have been some changes in the legal landscape which are particularly relevant to transactions for the sale of small businesses including the introduction of: the Estate Agents (General, Accounts and Audit) Regulations 2008, which has made substantial changes to both the form and […]

More
6 April 2018

Risk video bite – Drafting

Presenter: Matthew Rose, Risk Manager, LPLC

More
2 March 2018

Risk video bite – Conveyancing

Presenter: Phillip Nolan, Risk Manager, LPLC

More
2 February 2018

Risk video bite – Personal injuries litigation

Presenter: Matthew Rose, Risk Manager, LPLC

More
1 December 2017

Risk video bite – Supervision

Presenter: Alex Macmillan, Risk Manager, LPLC

More
3 November 2017

Risk video bite – Delegation

Presenter: Alex Macmillan, Claims Manager, LPLC

More
16 April 2018

About LPLC – serving and protecting you!

It’s your insurance scheme! Your scheme provides universal, comprehensive and secure statutory professional indemnity insurance (PII). You get certainty of cover from year to year without the cyclical fluctuations of the commercial insurance market and automatic run-off cover to protect you from claims after you cease legal practice. The policy protects you from the financial […]

More
10 April 2018

Cyber fraud – five steps to protect yourself

Cyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it. DON’T FALL FOR IT! Be suspicious of email instructions. Cyber fraudsters will get in any way they can. Make sure it’s not through you. Five steps to protect yourself. Identify – Don’t accept email requests on […]

More
6 February 2018

Cost estimates | Client brochure

Many clients have never retained a lawyer before and do not know how to work effectively with them or understand what a cost estimate is. This lack of understanding sometimes contributes to claims against law firms that could have been avoided or minimised if there had been better communication between the firm and the client about […]

More
6 February 2018

Snapshot – Family law

Snapshots provide data and main causes of claims in areas of practice as well as risk management strategies at a glance. Click the image to enlarge or download above.                        

More
5 February 2018

Cyber security – how to protect yourself | Client brochure

Our firm has proactive steps in place to protect you and your information from cyber-attack. We also need you to take some precautionary steps to ensure the security of your information. What we will do Tell you at the start of a matter what our payment details are and not change those details unless we […]

More