This page sets out some of the principal forms of fraud and ways that firms can mitigate risk.
If you think you have been the victim of fraud, you muct act quickly and inform:
You should also discuss with your client what has happened.
A fraudster contacts you, either by phone or by email, claiming to be from your bank and requesting specific details, or to make the lawyer aware of certain activities on the account which they consider to be suspicious.
The lawyer then contacts the bank, either by email or by returning the call and provides the level of detail needed for the fraudster to access the account and steal the monies.
Check that a call is really from your bank. Call your bank back on a number you know is genuine and verify the details with them.
Your bank will never ask for security information. Never disclose log-in details, passwords or other security information. Ensure that your staff also know never to do this.
Limit the number of staff who need to have access to banking details.
Do not allow third parties to remotely access your systems.
A fraudster contacts you by email or phone, claiming to be the client to advise you that they have changed their banking details.
Payment is then made to that account.
Double check with clients, by phone or another means of contact, should they ever indicate that bank details have changed.
Have a number of means of contacting clients, including phone, email etc, and utilise them should key information be changed.
Consider providing clients with a security number or password which they should use when contacting you.
A lawyer sends the client details of the practice’s bank account by email, the fraudster then sends on another email apparently from the lawyer advising the client that the bank details have changed.
Client then makes payment to the fraudsters account.
Do not give out banking details by email.
Advise clients in initial, and ideally all, correspondence that bank details will not be changed, or if they are communication will not be sent by email on this matter.
Check on expected payments regularly and contact clients accordingly.
An email that seems to come from a CEO or some other senior member of staff asking you make an urgent payment outside of normal procedures. It’s become very easy for fraudsters to manipulate the characteristics of an email, including the sender address, so that it looks genuine, but when the money is transferred , it goes straight to an account controlled by a criminal.
Always verify any requests to transfer money by a new method or that seems unusual
Make all directors and finance staff with bank account access aware of this particular risk and make sure they do not ignore protocols, whoever seems to be sending the request
Similar to the email fraud above a criminal can investigate business invoice details (even down to payment dates) and then pose as regular suppliers asking the firm to change bank account
Always verify with that supplier using their on-file details.
Warn everyone inside the company of the dangers of invoice fraud, and make sure everyone knows to always check invoices to identify potentially fraudulent transactions as soon as possible.
|CookieConsent||https://www.clc-uk.org/||Stores the user's cookie consent state for the current domain||1 Year||HTTP|
|_ga||https://www.clc-uk.org/||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||1 Year||HTTP|
|_gat||https://www.clc-uk.org/||Used by Google Analytics to throttle request rate||Session||HTTP|
|_gid||https://www.clc-uk.org/||Registers a unique ID that is used to generate statistical data on how the visitor uses the website.||Session||HTTP|
|collect||google-analytics.com||Used to send data to Google Analytics about the visitor's device and behaviour. Tracks the visitor across devices and marketing channels.||Session||Pixel|
|GPS||youtube.com||Registers a unique ID on mobile devices to enable tracking based on geographical GPS location.||Session||HTTP|
|VISITOR_INFO1_LIVE||youtube.com||Tries to estimate the users' bandwidth on pages with integrated YouTube videos.||1 Year||HTTP|
|YSC||youtube.com||Registers a unique ID to keep statistics of what videos from YouTube the user has seen.||Session||HTTP|