Beware the Email Invoicing Scam

In the age of digital communication, safeguarding our clients' interests is at the core of everything we do. Unfortunately, with the rise of technology comes an elevated risk of cybercrime, including email scams. We take pride in our unwavering commitment to protecting our clients from such threats with telephone verification of account details, however, these types of scams are becoming increasingly clever.

In this article, we delve into a real-life incident recently reported in The Sydney Morning Herald - a disturbing example of an email invoicing scam that targeted a client who was purchasing a home. This article serves as a warning of the importance of robust cybersecurity practices for both professional services firms and their clients.

The Scam: A Closer Look

The scam detailed in the article involved a criminal hacker who hacked into a client's or their conveyancer’s emails and intercepted communications between the client and their conveyancer.

The client had received an email that, at first glance, appeared to be from his conveyancer, regarding the purchase of his first home. The email meticulously contained all the correct particulars about the new property. What appeared to add to the authenticity was the inclusion of trust account details for the payment, and an account name that perfectly matched the conveyancing company he had entrusted with this transaction. The email requested the sum of nearly $275,000 to facilitate the impending property settlement.

Regrettably, in this instance, the client deemed the email as genuine and proceeded with the transfer, ultimately leading to the loss of a significant portion of his funds.

Cybercriminals’ Tactics

This incident, which targeted a client in the midst of a home purchase, demonstrates the lengths to which cybercriminals will go to perpetrate their deceptions and serves as a stark reminder of the indispensable need for resilient cybersecurity practices within professional services firms and their clients. While such firms will likely do all they can to mitigate the risks of cybercrimes, cybercriminals often target personal email accounts, where they can discreetly manipulate vital information. Their tactics encompass deceptive domain names, modified account details, and the painstaking replication of email content, even replicating warnings about cybercrime!

Bradley & Bray’s Cybersecurity Measures

These types of cybercrimes underscore the importance of cybersecurity measures, a responsibility we take very seriously. Here's what we do to mitigate risk:

1. Client Verification by us: Our firm’s policy is to directly confirm bank details and other sensitive information with clients via phone, especially concerning financial transactions.

2. Client’s verifications: We strongly encourage our clients to reach out to us directly (by phone to our landline) to confirm account details if they receive any requests or confirmations via email (or other electronic communications). This is for communications from us or anyone else asking the client for payment and we advise clients to only verify account details by calling a number they trust.

3. Cybersecurity Vigilance: Our team is well-versed in recognising the signs of phishing emails and other cyber threats. We prioritise cybersecurity awareness training to ensure everyone in our firm is vigilant against scams.

4. Enhanced Communication Security: We employ encrypted email services to bolster the security of our communications. Encryption adds an extra layer of protection against unauthorised access to sensitive information.

5. Multi-Factor Authentication (MFA): MFA is enabled for all our email accounts and critical systems. This additional layer of security ensures that only authorised personnel can access sensitive data.

6. Regular Updates and Patching: We diligently keep our email and IT systems up-to-date with the latest security patches to mitigate vulnerabilities.

 Safeguarding Your Interests

The rise of technology has undeniably brought about incredible advancements, but it has also ushered in an increased risk of cybercrimes, particularly email scams. In this digital age, safeguarding our clients' interests remains paramount in everything we do at Bradley & Bray. Our unwavering commitment to protecting our clients from these threats is at the core of our practice.

While we employ stringent telephone verification protocols to verify account details, these sinister scams continue to evolve and become more sophisticated. We recognise that client email accounts can be compromised without their knowledge. Therefore, we always emphasise the importance of not depositing money into an account nominated by us without first calling us to verify the account number by phone (and to only call a number they trust). Additionally, we will not use bank account details supplied by clients without thorough verification by a phone call first.

At Bradley & Bray, we understand the gravity of the situation and have taken significant steps to improve our cybersecurity measures. Your security is our top priority, and together, we can navigate the digital landscape whilst staying vigilant against cyber threats.

Disclaimer: This article is general in nature and does not constitute legal advice. If you require legal advice in relation to your personal circumstances, you must formally engage our firm, or another firm to provide legal advice in relation to your matter. Bradley & Bray lawyers takes no responsibility for any use of the information provided in this article.

You might also be interested in

If you need advice about this or any other matter, contact us today.