Here's how cyber criminals are targeting attorneys in scams to steal cash | Fin24
  • Credit Rating

    'I think Moody's will be happy' - President Ramaphosa says plan to deal with Eskom's debt is imminent.

  • 'No Basis in Fact'

    The PIC commission has slammed Iqbal Survé’s claims about Minister Pravin Gordhan.

  • Fin24’s newsletter

    Sign up to receive Fin24's top news in your inbox every morning.


Here's how cyber criminals are targeting attorneys in scams to steal cash

May 14 2018 12:34
Duncan Alfreds

Attorneys are the latest targets facing attack by cyber criminals intent on stealing money.

According to research conducted by Stalker Hutchison Admiral (SHA) Specialist Underwriters, attorneys have proved to be vulnerable to spear phishing attacks.

In these scams, cyber crooks send a conveyancing attorney a fraudulent email purporting to be from a home seller.

"The approach is simple. The attorney firm is instructed by a client to register the sale of a property. Once the property is registered at the Deeds Office, the proceeds of the sale are due to the seller," Christopher Appanah, claims team leader for PI and liability at SHA, told Fin24.

"It is at this point that cyber criminals make their move. The attorney is sent a last-minute email alleging to be from the seller, requesting that the seller's banking details be amended. The proceeds of the sale are then diverted to the hacker's account."

Three contributing factors

This correlates with research by Mimecast, which found that 90% of all cyber attacks began with an email.

Appanah said that three factors made attorneys vulnerable to this kind of targeted attack.

"First of all, attorneys are not infallible. There is a perception that has been created that an attorney cannot falter in the performance of their professional duties. If this [were] the case, then there would be no need for professional indemnity insurance."

He also said that cyber attacks had evolved from simple schemes to sophisticated fraud, where crooks create content that closely mimics official websites and emails.

The differences may be extremely subtle, for example substituting a "1" for an "I", or a name like "Petersen" may be spelled "Pietersen" in an email. In a high-pressure environment, mistakes may be overlooked easily.

"Finally, there can be an increase in risk, where the attorneys themselves do not attend to the so-called non-professional tasks or administration-related tasks, which do not require the application of their particular professional judgment," said Appanah.

"These tasks may be assigned to staff who may not necessarily be aware [of] or alive to the potential risks that lurk within cyber interactions."

Appanah advised firms, especially those that deal with sensitive personal information, to be more proactive when clients requested detail changes.

"Some firms have adopted the rule that bank details can only be amended in person, rather than through emails or even telephonically. It may be wisest to incorporate a combination of innovative and proactive steps to mitigate some of these risks," said Appanah.

* SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

cybercrime  |  scams


Company Snapshot


Struggling power utility Eskom will take centre stage at this year's mini budget

Money Clinic

Money Clinic
Do you have a question about your finances? We'll get an expert opinion.
Click here...

Voting Booth

What do you think about private healthcare in SA?

Previous results · Suggest a vote