Last week four Cybercrime incidents were reported to the Trust Accounts Department.
The hackers were successful in relation to three of the incidences and failed in relation to the fourth.
One concerned two law practices involved in a Family Court matter and an order made for $50,000 to be paid from one of the law practices to the other. One of the law practices emailed the other and requested the Trust Bank Account details where the $50,000 was to be deposited.
There had been a sequence of emails and it is apparent that the emails between the two were being monitored and at the crucial time the hacker stepped in with their own bank account details and the $50,000 has been stolen.
The receiving law practice’s email address concluded with “….com.au”. Of significance is that the hackers email address is similar until we get to the concluding letters “….-au.com”.
Another, involving $65,000, was in respect to a payment from the trust account made in response to a fake email being received by the law practice, ostensibly from the client, giving incorrect bank account details. (Full details not in at time of submission of this alert.)
The third involved $57,000 in respect of the payment by the client, based on her receipt of a fake email ostensibly from the solicitor. The bank account bank account details shown were not that of the solicitor’s trust account. (Full details not in at time of submission of this alert.)
The failed attempt at $1,300,000 was foiled due to the fact that although the client had received a fake email nominating the trust bank account details to which the client was to transfer the money, the client mentioned the payment to the solicitor’s secretary who immediately became alarmed. (Full details not in at time of submission of this alert.)
Although full details are not in at the time of submission of this alert for the last three incidences, the Trust Accounts Department is aware that they all involved the hacker monitoring emails between the relevant parties.