The Queensland Law Society (QLS) has issued an urgent warning to firms, the Brisbane Times said. The attacks are what are known as social engineering hacks, where hackers manipulate targets into completing tasks for them.
“The precise method of attack varies, but the essence is that the criminals obtain access to the firm’s email accounts and use this to misdirect trust money or settlement funds. Some thefts have been of money going to the trust account, others involve money incorrectly paid out,” said QLS president Christine Smyth.
Both legal practitioners and clients have lost money in the scheme.
“Although conveyancing transactions have been hardest hit, any movement of trust funds is at risk,” Smyth said.
The attacks that have hit Queensland law firms have two phases. The first stage involves hackers posing as potential clients and striking conversations with lawyers and conveyancers. They then send a link to documents, which are actually phishing attempts that prompt the mark to enter their email and password for access.
The hackers then monitor the email address and wait for emails about settlements and payments. The hackers gather details like deadlines and then email clients reminding them to pay, but now including details for their own accounts.
“They are quite cunning. They're not auto-bots, they are people who speak good English, answer in a convincing away and come with a backstory,” Smyth said.
She said that her firm now receives emails like this every day.
“It's something we talk about with staff on a daily basis, as soon as you are asked for email credentials then pull back,” she said. “But a smaller one-man-band firm with a junior staffer may not be so alert.”
Appleby strikes back
National firm launches rapid-response cyber-security team
Queensland law firms have fallen victims to hackers who have cost them millions of dollars.