This is a warning to all conveyancing attorneys and their clients
Cyber scammers are targeting conveyancing attorneys because they know that there are large money transfers going back and forth.
Using a "spearfishing" technique they target vulnerable employees of the law firm. Once their target has taken the bait they then have access to the firm's computer system. The scammers then create a rule that forwards all emails with target keywords in the subject line, such as, INVOICE, STATEMENT etc.
Once they receive those emails, which usually contain the firm's bank account information for the client to deposit the money, they create a new invoice with all the firm's information but they change the banking details. They then send the email on to the client explaining that, for some reason or another, the banking information has changed and the client should use the banking information on "this invoice".
The email address has either been "spoofed" so it will look as though it came from the law firm.
In addition to the email rule mentioned above, they would have created a second rule that forwards them all email directed to the firm's email address that they used, not only does this rule forward all those emails to the fraudster but it also deletes the original so it is never received by the firm. The money transfer goes into the fraudsters account and is never seen again.
The banks will deny all liability in these cases even though the accounts are usually new accounts and suddenly a large amount is transferred into the account and almost immediately withdrawn, sometimes in cash. You have to ask how no alarm bells started ringing.
Law firms must ensure that their anti-virus software is updated regularly and that their firewall is configured correctly. Have training sessions to educate your staff on the signs of a phishing email and how to prevent it, do not put your company executives on your website. And for the clients, if you receive an emailed request to change banking information from the law firm call the to verify the information. Do not call any number that appears on the email but use the number you have on file for that law firm.