A Dublin law firm transferred €97,000 to cyber criminals after its email systems were hacked, the Law Society of Ireland reports.
The crooks intercepted emails about a mortgage redemption, altering one in which the client’s bank account details were listed.
The misappropriated funds have since been withdrawn from the crooks’ account, and the law firm’s loss will be covered by its cyber crime insurance policy.
Don’t rely on email
In response to the incident, the Law Society of Ireland said that “members of the profession are advised that as far as possible, they should not rely upon bank account details received in an email.
“However, in cases where this is done, it is imperative that the individual transferring the money is the person verifying the account details. The profession is reminded that both external and internal emails have been intercepted and the details amended.
“It is recommended that, when contacting the sender, obtain his or her phone number through the Law Directory, phone book etc. Do not use the phone number contained within the email.”
It also recommends that anyone who suspects they have received a fraudulent email:
- Change their email passwords immediately;
- Contact IT providers for further advice; and
- Run anti-malware software.
Understand the threats
As far as email scams go, this one would be practically impossible to spot, because the crooks intercepted a legitimate email and made a minor adjustment. But as the Law Society of Ireland writes, the law firm’s mistake wasn’t in trusting this specific email but in trusting the security of its email systems.
There are countless ways for criminals to exploit emails. Some of them are as hard as this one to detect, such as BEC (business email compromise) schemes, whereas others are less sophisticated, such as standard phishing, but they all rely on employees assuming the message is legitimate.
The better employees understand the risks of email, the less likely they are to fall for any kind of scam.
You can take action by enrolling your employees on our Phishing Staff Awareness Course.
We break down how phishing emails work, how you can spot them, what you should do when you receive one and what happens when people fall victim.