Monday, 19 February 2018
Risk Alert: 10 tips to protect you from email fraud
In December, the Law Society and Law Mutual (WA) informed you of an email scam which had targeted multiple Australian law firms.
With law firms under a duty to replace any lost client funds, the financial burden of email fraud attacks could be crippling. Here are 10 tips to protect against email fraud.
- Stay alert when someone you don’t know contacts you – no matter who they claim to be. Often fraudsters will claim they are from a named law firm or a bank, or they will claim to be a third party appointed to represent the law firm or bank.
- Never reply to an email immediately. Take your time and reply in a considered manner, which gives you the opportunity to correct the email or to have second thoughts about the security of the recipient. Fraudsters often use urgent requests to panic recipients into thinking they must respond quickly.
- Train all staff to scrutinize any email that asks for confidential information including client details, logins and passwords, personal data and anything financial. Remember that as with banks, legitimate senders will never seek sensitive information by email.
- If someone calls asking for firm or client personal details, end the call. Then call the organisation back at a telephone number found on their official website.
- Beware of emails and requests that are badly spelled, grammatically incorrect or use idiomatic phrases and expressions that sound as if they have been translated by someone for whom English is not their first language.
- Do not redirect or forward emails from an office email account (which might be a secure account) to an external or personal email account such as Hotmail or Gmail. This is not only insecure but could have data protection implications as well.
- Never put confidential information in the body of an email or in an attachment unless it is encrypted. In addition, the encryption password should be communicated to the recipient via an alternate channel to email. That means texting or, preferably, ringing the recipient.
- When transferring funds, test the transfer by making a small payment before going through with the final transaction.
- Have a strong password policy whereby all staff are required to change passwords on a regular basis.
- Check the privacy policies of external websites and newsletters to ensure details will not be sold on as part of a mailing list. A considerable proportion of spam is the result of sites that have passed on or sold your details to another company.
Remember, Law Mutual (WA) has a number of sample controls and resources to assist practices in implementing cyber security measures, available on the Law Mutual (WA) website.
Law Mutual (WA) insured practices are reminded that losses as a result of cybercrime may not be covered under the Law Mutual (WA) Professional Indemnity insurance arrangements; cover will depend upon the facts of each individual case.
*This Risk Alert is adapted from an article published by the Law Society of England and Wales.