Cybercriminals have been impersonating bank security and staff to steal money
The Law Society of Alberta has issued a warning to lawyers about scams being perpetrated by cybercriminals to steal money from trust accounts.
The legal regulator said that in recent weeks, it had received reports of such criminals impersonating security or trust safety personnel from lawyers’ banks and obtaining access to trust accounts through social engineering tactics. The cybercriminals then electronically transferred monies out of the accounts.
The Law Society explained that lawyers and their trust accounts were “high-value targets” for many different types of cybercriminals.
“Our digital landscape is constantly evolving, and it is crucial to remain vigilant against a wide array of sophisticated cybersecurity threats. In recent years, there has been an alarming rise in social engineering attacks — where cybercriminals disguise themselves as trusted accounts or organizations to deceive unsuspecting recipients — as well as business email compromise attempts, which can result in fraudulent financial transactions and unauthorized access to sensitive data,” the organization said in a statement.
The Law Society reminded lawyers to be wary of unexpected emails and phone calls from supposed bank staff. It cautioned those who received such communications to end the interaction and get in touch with their banks via the banks’ primary means of contact.
Moreover, the legal regulator urged organizations to conduct regular training on cybersecurity and social engineering to educate both employers and employees on recognizing and reporting impersonation attempts and efforts to compromise business emails. The Law Society also encouraged organizations to adopt strict email authentication protocols to confirm the legitimacy of received messages and flag fraudulent communications.
Finally, it called for organizations to implement multi-factor authentication and strong password management practices to secure critical programs like business emails and bank login details. The Law Society encouraged lawyers to adopt secondary authentication for bank transactions like withdrawals and electronic funds transfers from trust and general accounts.
