On 14 October 2019, the Legal Practice Council sent out a warning to legal practitioners about the increasing level of email fraud. They also pointed out that cybercrime is not covered by the policy provided by the Legal Practitioners Indemnity Insurance Fund.
If you are a legal practitioner who operates a trust account, you are potentially at greater risk than those who don’t operate a trust account, although nobody is immune to cybercrime threats.
A recent judgement has been granted against a firm who had their email account hacked, resulting in the firm paying a sum of over R1.7 million to a third party instead of the person who was entitled to the money. The court held that the firm had a duty to verify that the email which contained payment instructions had come from their client and not a third party source. Case info: http://www.saflii.org/za/cases/ZAGPPHC/2019/449.html
It is not enough to assume that an email is sent by a client just because the email has the client’s email address or name thereon creating the impression that the email has been sent from the client. All legal practitioners are advised to always verify instructions where the addition/change of bank details of a client or third party is required. These verifications should be done via telephone (to the number you have on record and not any telephone numbers in an email which may be suspicious), in person or by any other means necessary.
As a legal practitioner, it is your duty to implement systems to safeguard all confidential information which is communicated to you or placed in your care. Failing to do so may be viewed as unprofessional.
See the article below for additional information:
Read more on other topics on our blog.