This is something that is happening more often in our local conveyancing circles. It seems law firms seem to think “it happens to others, but not us.” We I have news for you…there is no reason why your firm could not be the next victim, unless you take steps to prevent it.
I know everyone wants to know who the firm is, for some strange reason that is the way humans are wired, but I am not going to name or hint at the firm – the reason for this post is to help all conveyancers take steps that will curb this crafty hacking and force the hackers to start focusing on other areas, hopefully far away from South Africa and our property transfer systems.
Carte Blanche last year revealed that The Fidelity Fund had rejected 110 claims for cybercrime which totalled R85 million and that they no longer cover cases of cybercrime.
How do the hackers get the money?
The hacker gains access to your webmail email, by using password hacking tools. Email names are not difficult to work out and password hacking tools will find a weak password surprisingly quickly. They then check through the email and find a matter that can be manipulated – I would imagine a large sum and somebody who seems comfortable with using email as the communication tool of choice.
The hacker registers a domain name with a slight difference to the law firm’s domain – this will take a day and is easy to do. It costs about R150. For example: If the domain for the law firm is SAlawfirm.co.za, they will register something like SAlawflrm.co.za. Once the domain is registered, they will create an email account of the person at the law firm on this new domain. So now they can impersonate the law firm person and redirect the client to start communicating with them, instead of the law firm.
The hacker creates the email look exactly like the law firm, same signatures etc.
The hacker tells the client to deposit the property money directly into their bank account.
When money is transferred the hacker moves the money, closes bank account or changes the details so that they are not tracible. (Not sure how with the FICA etc, the banks do not detect suspicious fraudsters straight away. When I have applied for bank accounts, I feel like a criminal being interrogated!)
I called The Legal Practitioners Fidelity Fund around 6 times. First the main switchboard did not get answered, I tried 3 times. Then I called later in the day, to be put through to an extension which just hung up on me. I then called again telling the operator about this issue and she put me through again, with the same result. I then called back and asked for a different person, same issue. I then called the Cape Town office and was given an email address of Ernest in Gauteng and the person on the line from Cape Town assured me that he would reply to the email. I got an automated email response to say he was on leave for the week. I sent an email to the address on the website, but I don’t expect an answer! Wow, imagine if I had to rely on this institution for my business!
Because of the volume, pressure and craftiness of the hackers, it really is difficult to put the blame on either party in this matter. The fact that the webmail account was hacked, means that the user’s password was not strong enough to prevent the first step in the hack. The property client could be to blame for not making sure the email was actually the law firm’s email. But, one single letter being changed does not jump out at you. So very difficult to find blame, but the end result is a very large chunk of money which has been stolen.
Catching the hacker
In first world countries, there is a small chance of the hackers being found and charged and hopefully getting the money back, but here in South Africa, I very much doubt the fraud department of SAPS will be as effective.
Prevention is better than cure…
Tune in next week for the second part of this topic, where we will offer a few steps that can help prevent your email being spoofed and money redirected away from the intended recipients.