The New Zealand Law Society has issued a warning to lawyers and their clients following recent incidences where a law firm or client’s email system has been hacked and false instructions have been issued by the hacker.
The Law Society’s financial assurance manager Jeremy Kennerley told NZ Lawyer
that there does seem to be an increase in cases of online hacking within the legal profession, thanks to a couple of recent trends.
“The first is use of email and the prevalence of email instead of waiting for a standard letter, and the other thing is that businesses have gone more global. Clients are living overseas, so there’s reliance on communication of distances and time zones,” he says.
If a lawyer receives a client email asking them to carry out a transaction, it would be a good idea to try and have a direct phone conversation to confirm the instruction, says Kennerley, adding there have also been instances where a law firm’s email system has been taken over by criminals.
In one case, the hacker had control of both the lawyer’s and the client’s emails and instructed the lawyer to deposit funds into a specified account.
The hacker then used the lawyer’s email to advise the client that everything was under control and reassure them about the delay in an expected deposit being credited to the account. This bought the hacker time to escape unscathed with the money.
But to viably pull off such a scam without raising the suspicions of lawyers or their clients, the hacker must need to know something about the nature of their relationship, says Kennerley.
He wonders whether some hackers are running spyware that monitors both email accounts in order to extract the information needed to have a fake email conversation.
And although of course lawyers aren’t the only profession targeted by such criminals, they are probably one of the more common - and increasingly so.
“Lawyers by the nature that they have trust accounts with public money make them a target. Also, lawyers are the first trusted advisor of the traditional family - they are the first person you go to – so there is a high level of trust with a client.”
Kennerley and the Law Society are advising lawyers to assume the emails they receive may not be genuine, unless they use an encrypted system. However, even an encrypted email is only as safe as the password used, he says.
Another suggestion if the client is not easily contactable by phone is to verbally agree on a ‘safe’ or ‘code’ word or phrase which can be used in the email to verify identity and authenticity.
The issue needs to be taken seriously as hackers have syphoned off six and even seven figures in the past.
“I’ve worked in this job for two years and in the last year I’ve had phone calls around money laundering and suspicious transactions where I didn’t in the first year. It does seem to be an emerging trend,” says Kennerley.