Here's how cyber criminals are targeting attorneys in scams to steal cash | Fin24
  • Load Shedding Schedules

    Find information for Johannesburg, Durban, Cape Town and other cities.

  • Another Rescue?

    Edcon | Is there appetite from creditors to extend another helping hand?

  • Tough Times

    SA restaurants face job cuts and possible closures as lockdown continues.


Here's how cyber criminals are targeting attorneys in scams to steal cash

May 14 2018 12:34
Duncan Alfreds

Attorneys are the latest targets facing attack by cyber criminals intent on stealing money.

According to research conducted by Stalker Hutchison Admiral (SHA) Specialist Underwriters, attorneys have proved to be vulnerable to spear phishing attacks.

In these scams, cyber crooks send a conveyancing attorney a fraudulent email purporting to be from a home seller.

"The approach is simple. The attorney firm is instructed by a client to register the sale of a property. Once the property is registered at the Deeds Office, the proceeds of the sale are due to the seller," Christopher Appanah, claims team leader for PI and liability at SHA, told Fin24.

"It is at this point that cyber criminals make their move. The attorney is sent a last-minute email alleging to be from the seller, requesting that the seller's banking details be amended. The proceeds of the sale are then diverted to the hacker's account."

Three contributing factors

This correlates with research by Mimecast, which found that 90% of all cyber attacks began with an email.

Appanah said that three factors made attorneys vulnerable to this kind of targeted attack.

"First of all, attorneys are not infallible. There is a perception that has been created that an attorney cannot falter in the performance of their professional duties. If this [were] the case, then there would be no need for professional indemnity insurance."

He also said that cyber attacks had evolved from simple schemes to sophisticated fraud, where crooks create content that closely mimics official websites and emails.

The differences may be extremely subtle, for example substituting a "1" for an "I", or a name like "Petersen" may be spelled "Pietersen" in an email. In a high-pressure environment, mistakes may be overlooked easily.

"Finally, there can be an increase in risk, where the attorneys themselves do not attend to the so-called non-professional tasks or administration-related tasks, which do not require the application of their particular professional judgment," said Appanah.

"These tasks may be assigned to staff who may not necessarily be aware [of] or alive to the potential risks that lurk within cyber interactions."

Appanah advised firms, especially those that deal with sensitive personal information, to be more proactive when clients requested detail changes.

"Some firms have adopted the rule that bank details can only be amended in person, rather than through emails or even telephonically. It may be wisest to incorporate a combination of innovative and proactive steps to mitigate some of these risks," said Appanah.

* SUBSCRIBE FOR FREE UPDATE: Get Fin24's top morning business news and opinions in your inbox.

cybercrime  |  scams


Company Snapshot

Voting Booth

Do you support a reduction in the public sector wage bill?

Previous results · Suggest a vote