The Brisbane Times has recently published an article outlining a sophisticated digital scam that has seen two Queensland law firms losing several millions of dollars after falling victim to scammers.
The cyber criminals sent an email scam under the guise of a potential new client - once the law firm’s victims clicked on the email hackers quickly took over the email accounts of staff at the law firms and hijacked payments from their clients.
The process for getting access to the staff members' emails is outlined below:
- The scammer emailed the law firm expressing interest in using their services
- Once the scammer says they will go ahead and use the services of the firm they send a link with 'documents' that the firm will need which requires email and password for access - this is the step the hacker requires to gain access to the login details to the staff member
Once they have hacked into the computer the next step for the hacker is outlined below:
- The hacker monitors the legal staff member’s email account watching for info about payments
- Once they see an opportunity to gain access to money from the client, the scammer poses as the law firm and reminds them of payment and provides information for a bogus bank account rather than the trust account info.
The scam is difficult to detect, and it can be very challenging for law firms and clients to notice any suspicious activity until it is too late.
Companies across all industries should be vigilant to ensure that scammers and hackers are kept at bay by ensuring a wide range of security measures are in place for all correspondence and online data.
Keeping up to date with cyber crime and the scams being activated can be a challenge, however by taking appropriate steps to protect data companies can ensure the highest level of protection from hackers and scams.
Read original article here