risk-management.php

Cyber thieves are clever. They target lawyers because we direct transfers of money and they want to steal it.


DON’T FALL FOR IT!

Be suspicious of email instructions.

Cyber fraudsters will get in any way they can. Make sure it’s not through you.

Five steps to protect yourself.

Identify – Don’t accept email requests on face value. The email asking you to re-direct money might look genuine, but it could have been sent by a hacker.

Verify – Call the sender personally to check authenticity. Use a number you know, not one suggested in the email. Ask for the account number, write it down, then compare with the email.

Note – Make a file note that you made the call and confirmed the payment instructions, so you can prove it.

Warn – Tell the client they might also be targeted with fake emails from you and not to act on email payment directions without calling to check. Put this in your engagement letters.

Double-check – Involve a second person in the process and don’t action payment requests without proof that steps 2 and 3 have happened.

If you suspect funds have been stolen, stop payment at the bank immediately.


Download the poster below. Please put it up in your office kitchen to make sure everyone in the team knows what to do.

CLICK TO DOWNLOAD THE POSTER

 

Ican happen to you

No firm is immune from cyber-criminals and their fake emails. We are seeing an increase in attempts to steal money by hackers masquerading as either the client or the lawyer in fake emails. Below is a summary of two of our recent notifications.

The law firm duped

The firm acted for the vendors of a regional property sold for $295,000 with final settlement due in October.

Shortly before settlement, the firm emailed the client confirming payout details and requesting the client’s bank account details.

The client received the email and responded but the firm did not receive that response. Instead they received an email, purportedly from the client but actually from a hacker, setting out details of the account into which the net settlement proceeds should be paid.

Settlement occurred three days later and $110,000 was paid to the hacker’s bank account a further six days after that.

The following day the client phoned the firm to ask whether the property had settled and when they would receive the proceeds. On realising the earlier ‘email instructions’ were fraudulent, the principal’s secretary swiftly contacted the firm’s paying bank as well as the receiving bank into which the funds had been deposited. Fortunately, most of the money was still in the account and was able to be frozen by the bank and recovered. However, a claim was made against the firm for the small shortfall on the basis of a breach of trust in paying settlement money to an account the client had not authorised.

The client duped

The law firm acted for a purchaser of residential property. Their trust account details were provided in the initial engagement letter.

During the matter the client began receiving emails purporting to be from the firm but which were actually from a hacker. The client was asked to deposit $75,000 into the firm’s trust account and helpfully the email included the bank account details. The client responded to the email querying whether the account details were correct as they were different from the details previously provided. The hacker confirmed the new details to be correct and the funds were transferred to the new account and immediately transferred off shore.

The client had to find an additional $75,000 to settle.


For more information about cyber security click here.


6 March 2020

Choose your litigation clients carefully

Choosing the right client for you and your firm is never more important than in the litigation context. Litigation is stressful, costly and often confusing for any client, so making sure you are cautious when choosing to act for a client in a litigation matter is good risk management. There are often telltale signs at […]

More
18 February 2020

Keep your files moving

Files can stagnate for many reasons: make moving them on your New Year’s resolution.  Is one of your professional New Year’s resolutions to procrastinate less, to better move matters on or to ensure nothing gets left behind this year? Make this the year you develop good strategies for moving your files on promptly. Here are […]

More
12 December 2019

Manage for when, not if

Cyber attacks by email are on the rise and law firms of all sizes are at risk. Cyber attacks on law firms of all sizes, but particularly smaller practices without the necessary safety measures in place, are on the increase. It is everyone’s problem. What you need to know is set out here. How they […]

More
30 October 2019

Take steps to avoid GST claims

GST is not simple but there are some easy steps you can take to help protect you and your clients. Section 9 of A New Tax System (Goods and Services Tax) Act 1999 (Cth) (GST Act) sets out the four legs of a “taxable supply”. The fourth, s9(d) is that the supplier is “registered or […]

More
17 October 2019

Bringing your A game

Working on practice management basics gives you a solid platform to provide legal services. Knowledge of the law is fundamental, but not the only ingredient when providing high quality legal services to your clients. LPLC sees claims against practitioners who know the law, but for a variety of reasons fail to discharge their duty of […]

More
23 March 2020

COVID-19 Update from LPLC

Like all law practices, LPLC is responding to the unprecedented COVID-19 pandemic with the utmost thought to the health and safety of our staff, insured practitioners and the community at large. LPLC has not had any COVID-19 notifications, but in line with government advice and sound practice, our staff have moved to a mix of […]

More
27 February 2020

File sharing email scam – multi-factor authentication will help protect you

What is happening There has been a spate of fraudulent document sharing emails circulating within the legal community that look like they are legitimate emails from other law firms. They ask the receiver (you) to access documents by clicking on a link to a document sharing platform such as Skyfish or Dropbox. These emails won’t […]

More
28 January 2020

Windows 7 no longer safe – upgrade now

Keeping your firm’s software up to date is vital to the security of your practice and the interests of your clients. Windows 7 is 11 years old and Microsoft ceased supporting it on 14 January 2020. The most up to date version is Windows 10. This means users of Windows 7 will no longer receive […]

More
5 September 2019

Cyber claim dramatic increase – everyone is at risk

Cyber security is an increasingly significant issue for law firms of all sizes and practice areas, it is not just conveyancing practices at risk, every practice area when they handle money is a potential target. In the 2018-19 year we have seen more than double the number of cyber claims and notifications than the previous […]

More
29 March 2019

Retrospective changes proposed for residential ‘off the plan’ sunset clauses

key risk alerts New bill proposes changes to the operation of sunset clauses in residential off the plan sales contracts. Proposed new requirements will prevent a vendor rescinding ROTP contracts based on a sunset clause without: at least 28 days written notice a purchasers consent The bill provides that the ‘notice’ and ‘consent’ provisions will […]

More
14 February 2020

A practical guide to help lawyers be cybersafe

LPLC has developed a Cyber Security Guide covering five key areas to help time-poor and information-overloaded lawyers understand the risks and act to make their practice safer. The guide has been designed for sole practitioners and small to medium firms as this is where most of the cyber claims occur, however it is equally relevant […]

More
10 February 2020

Beware the risk your client’s email system may have been compromised

Our latest cyber claim story is a salutary reminder not to be complacent about payment directions received by email or be lured into thinking that because your IT system is secure, you are not at risk from cybercrime. In this deceased estate matter, the estate had been wound up and most of the beneficiaries had […]

More
29 January 2020

What’s the difference between a default notice and a rescission notice?

A practitioner acting for a vendor contacted LPLC seeking guidance on how to prepare a default notice for a breach of a sale of land contract by a purchaser and what the difference was between a default notice and the rescission notice. Under most contracts of sale a party is usually required to provide a […]

More
24 January 2020

Handy hints for GST

Some of the enquiries on our GST hotline in the last few months required some basic GST knowledge and logical thinking to answer. Here are some handy hints to help you navigate your next GST question. The starting point for all GST questions should be: is the vendor registered for GST or required to be […]

More
4 December 2019

Success often comes at a price

Some of the firms we have visited as part of our Risk Assistance Program have been around for 20 to 30 years. They often have a sole principal and have grown over the years to have five to eight lawyers and multiple support and administrative staff. The principal works long hours and spends a large […]

More
6 May 2019

Develop the engagement habit

Lawyers can get themselves into hot water when they neglect to go through a thorough client engagement process. Our handy engagement decision tool can help you develop a more manageable approach. Make it routine for every client and every matter.

More
9 November 2018

Key Risk Checklist: Tax issues

This checklist contains the most common taxes and related charges and is not intended to be exhaustive. Ticking a box indicates who is responsible for considering the selected item. Both practitioner and client may be selected. A column has been included for initial comments. It is recommended that a memorandum be sent to the client […]

More
23 August 2018

Key Risk Checklist: Cyber Security

It is essential that firms take steps to prevent cyber-crime as practitioners are increasingly at risk of cyber-attacks. This is a list of the things firms need to do to at least lock the door on cyber-crime. Cyber security ☐  Always authenticate email instructions that involve sending money by speaking to the client in person […]

More
7 May 2018

Key Risk Checklist: Sale of land – questions for the vendor

Sale of land – questions for the vendor   Instructions ☐  Please circle yes or no as applicable. ☐  Please provide the additional information as indicated e.g. a copy of your title(s). ☐  If you do not know the answer or are unable to provide the additional information please insert the words ‘not known’. ☐ […]

More
24 April 2018

Key Risk Checklist: GST

GST is not simple but there are some easy steps you can take to help protect you and your clients. References to divisions and sections can be found in A New Tax System (Goods and Services Tax) Act 1999 (Cwlth). GST alert – for contracts entered into from 1 July 2018, purchaser to collect and […]

More
28 February 2019

Claim free conveyancing

Additional conveyancing download: Default notice Rescission notice Introduction Claim free conveyancing has been produced to help practitioners avoid the most common mistakes which have resulted in a claim in conveyancing transactions. By being aware of how and why mistakes occur, you will be in a better position to protect against claims. Claims against practitioners arising […]

More
17 September 2018

Small business big risk

Since LPLC published the first edition of Small business – big risk there have been some changes in the legal landscape which are particularly relevant to transactions for the sale of small businesses including the introduction of: the Estate Agents (General, Accounts and Audit) Regulations 2008, which has made substantial changes to both the form and content […]

More
6 August 2018

Pitfalls in personal injury litigation

Personal injury litigation Clients seek out litigation lawyers only when something has gone wrong. In the personal injury arena, they have the added difficulty of dealing with a physical or mental impairment and its consequences. This means the relationship is going to be challenging from the start. It can be made even more difficult if […]

More
24 July 2018

Keep managing mortgage risk

Additional mortgage downloads Solicitor’s Certificate – Direct Borrower Solicitor’s Certificate – Third Party, Guarantor etc Translator’s Certificate Client acknowledgement Introduction From 1 July 2015 to 30 June 2017 LPLC has received 43 mortgage claims at a total estimated cost of $3M. Smaller law firms continue to be more vulnerable to these types of claims. Of […]

More
24 April 2018

Avoiding superannuation claims

Introduction Every year LPLC sees claims involving superannuation funds. Claims sometimes arise because the practitioner does not have sufficient knowledge or experience with superannuation matters. Practitioners who regularly act in this area will agree that extensive expertise and understanding is required to properly advise clients and to have the best chance to avoid a claim. […]

More
7 June 2019

Risk video bite – Adequate security or loans

Presenter: Matthew Rose, LPLC Risk Manager

More
2 May 2019

Risk video bite – Attention to detail in wills and estates

Presenter: Heather Hibberd, LPLC Chief Risk Manager

More
5 April 2019

Risk video bite – Systems save claims

Presenter: Stephen Bubb, LPLC Risk Manager

More
1 March 2019

Risk video bite – Buying or selling a small business

Presenter: Matthew Rose, LPLC Risk Manager

More
1 February 2019

Risk video bite – Inadequate advice

Presenter: Phil Nolan, LPLC Risk Manager

More
29 March 2019

Retrospective changes proposed for residential ‘off the plan’ sunset clauses

key risk alerts New bill proposes changes to the operation of sunset clauses in residential off the plan sales contracts. Proposed new requirements will prevent a vendor rescinding ROTP contracts based on a sunset clause without: at least 28 days written notice a purchasers consent The bill provides that the ‘notice’ and ‘consent’ provisions will […]

More
15 August 2018

Vendor/supplier GST withholding notice

There is no prescribed form for section 14-255 supplier GST withholding notice. Below is a suggested form of notice practitioners are welcome to use or adapt.Page two of the notice contains some notes for its use.   Vendor_supplier GST withholding notice(PDF Version) | Vendor_supplier GST withholding notice(Word Version)    

More
14 August 2018

Medical Treatment Planning and Decisions Act 2016 (Vic)

Key points Appointments of medical treatment decision makers and advanced care directives replace medical powers of attorney and refusal of medical treatment certificates from 12 March 2018. Medical power of attorneys entered into before 12 March 2018 are taken to be appointments of medical decision makers. Any refusal of treatment certificates created before 12 March […]

More
7 August 2018

Some purchasers required to withhold GST from 1 July 2018

Download PDF Suggested resources: Vendor/supplier GST withholding notice Key points New GST withholding regime applying to some settlements from 1 July 2018. New notification obligations on vendors of new residential or potential residential land. New notification and withholding obligations on purchasers of new residential or potential residential land. Penalties apply for both vendor and purchaser […]

More
27 June 2018

GST withholding special condition

Download PDF GST withholding 1.1. In this special condition, section references are to Schedule 1 of the Taxation Administration Act 1953 (Cwth) as amended by Treasury Laws Amendment (2018 Measures No.1) Act 2018 (Cwth) and asterisked terms have the same meanings as when used in that schedule. 1.2. If section 14-255(1) applies to the supply […]

More