Warning: email, phone, vishing and phishing scams

29 Sep 2015

Sophisticated email and phone scams targeting the public and businesses in Ireland, including legal firms, are increasing and have been successful in stealing large sums of money.

Some examples

Vishing: Your accounts department receives a call from criminals purporting to be from your bank (or other trusted organisation). The caller knows some of your personal details (such as your name and mobile number) because they have hacked into your systems through an email attachment (inadvertently opened by someone in your office) or via malicious software delivered through a website. The criminals request your bank account details on the pretence of a security check. If you express reservations, they may suggest you hang up to call the bank or the Gardaí. However, when you attempt to ring the bank or make another call, you are actually contacting the criminals because they didn’t disconnect the original call. Using this method, criminals have been able to deceive people into providing the financial details they need.

Phishing: You receive an unexpected email that seems to come from a law firm or a colleague, requesting that you open an attachment. The email may include content such as legal threats if the attachment is not opened, or claim that the attachment is an invoice or payment receipt. Through the attachment or link (if clicked on), the criminals are seeking personal information such as passwords, credit card numbers or bank account numbers, again with the objective of accessing your bank account.

These are just some of the scenarios people have encountered, but there are steps that you and your staff can take to minimise your risk of being hacked or of your personal and financial details falling into the wrong hands.

Security Tips

Never give out personal or financial details on the phone, through a website or in an email – a genuine person or organisation would not request this information in this way. If you receive a phone call requesting such information and you decide to ring the bank or Gardaí to confirm it is a genuine call, use a different phone to make that call.

Be very careful with passwords:

Do not use passwords that are easily guessed (birthday, 1234, etc.).
Make them unique – do not use the same password for everything.
Use a mix of letters, numbers and characters.
Change them regularly – at least quarterly – and do not make them sequential, e.g. changing 2015 to 2016.
Never mention or send your login details (or financial details) by email as they are accessible in the event of a hack/attack.
Consider the use of passphrases (series of words).

To minimise the risk of someone hacking into your emails or network, you should also ensure that you:

Keep your Windows operating system up-to-date with all current patches and security updates installed.
Install anti-virus software, keep it up-to-date and scan regularly. Ensure the anti-virus software is a dedicated business package rather than a consumer product.
Do not open attachments from unknown senders and be extra cautious opening an unexpected attachment from a known sender. You can scan attachments with your anti-virus solution if you have any doubt.
Do not download apps from untrusted websites.
Be extra careful downloading software from the Internet to ensure you are not opting in to download additional software.

If you have any doubt about a call, email or website, it’s better to be cautious and contact your IT department or consultant. You should also report any suspected attempts at identity fraud to the Gardaí.