Recent failed fraud attempt

25/06/2024 10:19:36

A solicitors’ firm has alerted the Law Society to a sophisticated recent attempt to obtain access to its bank account.

The attack

A support staff member in the office received a call from someone purporting to be from their bank. The caller knew the staff member by name and said that a transaction processed that morning had been flagged as suspicious.

The staff member was asked to join a live chat to verify the transaction and assured that they would not be asked to log in. The website for this live chat appeared to be a genuine bank site, with a website address referencing the bank and ’support’.

However, the staff member was asked to ‘accept access’ for the bank which raised a red flag. On questioning, the caller told the staff member that they needed to verify identification details on the live chat and that no details of the transaction could be disclosed until that was done.

The caller became extremely persistent warning that, if the staff member did not do as instructed, a hold would be put on the account and a representative of the firm would need to go to the branch in person. When asked what branch, the caller said that any branch would suffice, and was unable to answer which branch of the bank held the firm’s account. The caller also refused to answer questions about the IBAN of the account and kept demanding information before giving up.

Protecting your firm and clients

When the IT support team at the firm accessed the site, which had been closed by the staff member, they received the warning screen below.

Dangerous site screen warning

This focused and sophisticated attempt is a reminder that all staff in a firm need to be careful and vigilant. Avoid accessing a website on the foot of a call from an unknown number, and always be prepared to question demands for confidential or login information.