Open menu

Latest news

  • 9th September 2014

Client Account Fraud Attack Threat

Our relationship with our banks is increasingly an online (and occasionally on-telephone one). This has brought speed, convenience, and also new opportunities for fraudsters.

We have recently been made aware of the fact that a number of firms have been victim to a fairly sophisticated scam which has allowed criminals to run off with several hundred thousands at a time from their client account.

How the scam works


Jonathan Wyles, of specialist professional indemnity solicitors, RPC, explains the fraud as follows:
  • the solicitor receives a telephone call (typically on a Friday), supposedly from your bank's Fraud Unit. They have tended to ask for the Head of Finance/Head Cashier by name.
  • This 'bank employee' goes on to say says that they are concerned about possible suspicious activity on the firm's client account, and provides information about genuine transactions from the account which you are able to confirm - thus gaining your trust.
  • Then they refer to a number of 'suspect transactions', which are indeed nothing to do with your firm. The 'bank employee' therefore confirms that these transactions will not be processed - but also that the account has been frozen pending an investigation.
  • They explain that, in the meantime, payments can still be made - with their assistance.
Where urgent payments have been required to be made, affected firms have been conned into disclosing the secure access details the criminal requires to access the account. Client money is then stolen from the account - and remember, unauthorised payments from your client account amount to a breach of the Accounts Rules - which could have significant regulatory, insurance, and reputational consequences, both for the firm, and for individuals concerned.

Steps to protect your firm

  • Circulate this warning to staff, including (but not limited to) your accounts department. Risk-Awareness is the best prevention.
  • Never give any access or security information to anyone over the telephone or in an email no matter how genuine they sound.
  • Take the callers details and call back. If you receive calls of this nature - ask for the caller's name and department. Do not use the number they have given you to call back on. Use the main contact number you have for your bank (normally your bank client relationship manager).

Full Article from Lockton: http://www.locktonsolicitors.co.uk/news/fraud-aler...