On 23 May 2018 the Trust Department was notified of a cybercrime incident involving the loss of $100,000.

The email speaks for itself:

“We sent out our trust account details to our client and advise our client to arrange payment of stamp duty in our trust account. Following our email, our client received a second email similar to ours but different and advised our client to make payment to a different account as a “new receiving bank account for transfer of stamp duty payment”. Our client has followed that forged email without confirming with us and transferred $100,000 to the wrong account last Thursday (17 May).

Our client then made the second transfer of $50,000 on Friday and her bank (St George) picked up the difference in the name of the account, where our client inserted “(name of law practice) Trust Account” in the account name and the receiving bank account is in fact in the other name. St George confirmed with our client and stopped the second transfer but confirmed that the first transfer of $100,000 has already left St George to CBA”.

Coincidently, the same day, the Department received an email from another solicitor seeking advice in relation to a matter they were dealing with, with a UK law practice. Although the matter did not relate to cybercrime the Department noted the following included in the UK law practice’s email footer:

Fraud warning: Please be aware that there is a significant risk posed by cyber fraud, specifically relating to email accounts and bank account details. Our bank account details will never change during the course of a transaction, and we will never change our bank details via email. Please check account details with us in person. We will not accept responsibility if you transfer money into an incorrect account.

The Trust Department recommends that your emails contain such a footer.