This attack began by the solicitor clicking on a link in an unexpected email that was received from a fraudster.

Similar to previous attacks, the solicitor was unaware they were hacked. Consequently the hacker was able to stalk the inbox and create rules to automatically divert emails from particular clients. The hacker also created a new email address that was very similar to the solicitor's own email address. This enabled the hacker to contact the client directly. From reviewing the emails, the fraudster was able to identify that a number of transactions were about to occur and as result emailed the clients seeking a transfer of monies to a bank account outside the State. The clients then made the transfers to the hacker's bank account. 

Protecting your firm

To counter this type of fraud, it is recommended that solicitors and their support staff be suspicious of any unsolicited or unexpected emails. Solicitors can verify any link in an email by hovering the mouse over it and checking the web address that subsequently appears in a pop up box. This pop up box will indicate the web page you will land on should you click on the link. Accordingly, your expectation of the web page you intend to land on should match the web address in the pop up box. Also, solicitors should treat any attachment contained in an unsolicited or unexpected email with suspicion and confirm its validity with the sender prior to opening.

It also recommended that solicitors make their clients aware that bank account details will never be provided by email and if they are, it is to be assumed they are fraudulent. Clients should also be informed that a solicitor is prohibited from holding a client bank account outside the State and any request to send money abroad should be immediately reported to the solicitor and not acted upon.