Cyber Security Alert

2 May 2022



Forever VIGILANT – Unauthorized Direct Debits from Trust Accounts

The Trust Accounts Department continues to emphasize the importance of being VIGILANT.

In recent weeks, 2 law practices have identified and reported significant and unknown direct debits from their trust accounts held with the Commonwealth Bank.

In both instances, the law practices identified the direct debits very quickly and reported them to the Commonwealth Bank. The amounts involved were $11,052.70 and $9,406.15.

In one instance, the Commonwealth Bank allowed the trust account to be overdrawn. This is not like the good old days when, if there were insufficient funds in your trust account and you drew a trust cheque, that cheque would bounce.

As previously reported, some clients have chosen to pay their bills/invoices by direct debit from their solicitor’s trust account. This can be to any business/organization that is registered to direct debit bank accounts. All one needs is someone’s bank account details.

Close Call

Since the last alert, a law practice reported that their client’s computer was compromised and rule changes were made in Outlook. When the client forwarded an email to the law practice, the hacker intercepted the email and changed the bank account details for where the money was to be sent.

In response to the falsified email, the law practice transferred $111,000 to the hacker’s account. Fortunately, the law practice and the client were in communication with each other at the time. The law practice contacted its bank, and the money was frozen and then recovered.


At the time of preparing this alert, yet another law practice has been attacked by ransomware, and trust records and other data were lost. The Trust Accounts Department encourages all law practices to contact both the Department and Lawcover for assistance through this difficult process.


You may recall that in the last Alert the writer stated: “The Australian Signals Directorate through the Australian Cyber Security Centre (ACSC) has put its ALERT STATUS to HIGH.

There has been a historical pattern of cyber attacks against Ukraine that have had international consequences. Australia has had a history of increased State-sponsored cyber security activity after it has offended the countries in question.

ACSC recommends that everyone should adopt a posture of enhanced cyber security and increased monitoring for threats to help to reduce the impacts to Australian organisations.”

It seems that Australia has not only been upsetting Mr Putin, but China as well. Please be VIGILANT.