News and information from the world of
regulatory compliance and risk management

“Be vigilant” – SRA warns after new bank scam
24 April 2015

The Solicitors Regulation Authority (SRA) continues to call for extra vigilance across the sector after a small north east conveyancing firm became the latest victim of telephone bank scammers.

The firm lost a significant amount from its account and the crime follows two further serious telephone scams in March this year. In each case the callers have used a technique known as “social engineering” to gain the confidence of those they call and obtain information to access accounts.

They ask for “challenge and response” codes, which are then used to authenticate payments and in some cases digital banking log on and password credentials. Four firms were targeted in this way in November last year.

Robert Loughlin, Executive Director of Operations & Quality, said: “We are very concerned about this continuing activity. The fraudsters are highly sophisticated in their approach and their script makes them sound as though they are genuinely who they say they are.

“Solicitors throughout England and Wales are raising this serious issue as one of their major concerns in general discussions with us. We are aware of firms of all sizes receiving calls, this isn’t something that affects just one sector of the profession.

“All firms should ensure that their own internal systems for guarding against scams are up-to-date and that staff know how to implement them.”

Banks will never ask for passwords or account related details over the phone. If employees are concerned about the authenticity of a caller, they should terminate the call and make further enquiries. To validate callers, firms should contact somebody they already know at the bank, using a separate telephone line, eg a mobile line. There have been examples of the scammers keeping telephone lines open, to intercept an outgoing call.

The SRA put out a paper to accompany the 2013/14 Risk Outlook spring update in February last year which outlines the ways con artists could attempt to obtain office or client account details and other sensitive information.

read more articles