Protecting your legal transactions from fraud

Spotting a scam email can be tricky, fraudsters try very hard to make emails look as genuine as possible. Which.co.uk has some useful guidance to help spot scam emails. Remember, if in doubt, contact us to check any emails you are unsure of.

1. Check whether the sender’s address matches the website address of the organisation it says it’s from. Roll your mouse pointer over the sender’s name to reveal its true address. 
2. Check the senders address is genuine. Check for any characters that have been swapped e.g swapping “i” for “l” or “o” for “0”.
3. The email doesn’t use your proper name – using something like “Dear customer” instead. 
4. There’s a sense of urgency, asking you to act immediately. 
5. There’s a prominent website link which may seem like the proper address, but with one character different. 
6. There’s a request for personal information. 
7. There are spelling and grammatical errors. 
8. The entire text of the email is within an image rather than the usual text format and the image contains an embedded hyperlink to a bogus site. Again, roll your mouse pointer over the link to reveal its true destination. Also check any images contained look professional, look at the quality of any logos contained.
9. Check with the company who purportedly sent the email to get reassurance that it is genuine. Call the company using a phone number from the company’s official website or directory listing.

Sharing personal and financial information online or via email when making purchases or registering for services has become routine. Criminals are aware of this and often target personal data to deceive customers into making unauthorised payments or providing sufficient information to gain access to and control accounts.

Ways you may be targeted:

A change to bank details

One way clients are tricked into sending funds to fraudsters is by being sent alternative bank details asking for payment. The bank details may look like they are being sent by a company you are dealing with such as a solicitor, bank or agent notifying you of a change to their bank details or asking for an unexpected payment. However, you may in fact be being directed to make a payment into a bogus account set-up for the purposes of fraudulently obtaining funds. 

At Hegarty our bank details are contained in our client care letter and invoices. Our bank details will not change. Please telephone us on our usual office number 01733 346 333 to verify bank details before sending us any money if you are at all unsure.

Should you receive any communication purporting to be from us that doesn't look genuine or with a change of bank details please immediately telephone us on our main office number.

Email Impersonation

Fraudsters can email using similar looking email addresses such as johnsmith@hegarty.net instead of john.smith@hegarty.co.uk, or by changing certain letters such as j0hn.smith@hagarty.co.uk or jon.smith@heggarty.co.uk. A fraudster may email with what appears to be a genuine email discussing your matter and then request payment to be made into a fraudulent bank account.

Interception of emails

Hackers may intercept emails between individuals and their law firm using increasingly sophisticated attacks on email systems. The fraudster then requests payment to be made into a fraudulent bank account.

Phishing, vishing and smishing

Phishing, vishing and smishing often involve building a personal relationship with a victim and obtaining personal details usually resulting in the request for money to be paid into a fraudulent bank account. The difference between phishing, vishing and smishing is the medium used, phishing is via email, vishing via phone and smishing via text or SMS. A fraudster using email or telephone will attempt to obtain confidential information via a link or by replying to the communication.

Malware

A harmful software that disrupts, spies on, damages or attempts to gain unauthorised access to a computer . A particularly dangerous form, ransomware, encrypts files and demands a ransom in return for a decryption key.

We know that scams are increasingly sophisticated and can take many forms. At Hegarty, we take cyber security very seriously and are vigilant for attempts to target staff and clients using fake emails, letters or phone calls.

To protect our staff, firm and clients from such scams we have robust IT systems and procedures in place including:

• Multiple layers of anti-virus and malware protection.
• Use of access controls such as multi factor authentication.
• Use of the latest IT systems with backups. 
• Regular staff training on cyber security and data protection. 
• Government backed Cyber Essentials certification.