Risk Alert Bulletin - December 2020

Risk Management Column: Scam Alert

The increase in cybercrime incidents in 2020 is well documented. Locally and abroad, legal practitioners and their staff working remotely as a result of the COVID-19 lockdown measures have been identified as one of the the economic sectors targeted by the cyber scammers. People working from home, it has been said, may have lower alertness to cyber risks. In some instances, the required information technology (IT) security and other risk management measures implemented in the office environment may not have been deployed in the homes of staff working remotely. Some legal practices had to make hasty arrangements to ensure that their operations could continue remotely, and IT security considerations may not have received the appropriate attention. The result is that cyber security vulnerabilities have been aggravated in some instances.

Cybercrime related claims make up the highest number of excluded claims reported to the Legal Practitioners Indemnity Insurance Fund NPC (the LPIIF). Since the beginning of 2020, the LPIIF has been notified of 194 cybercrime related claims with a total value of R130 128 918.

The constant flow of cybercrime related notifications is a serious cause for concern as it shows the extent to which South African legal practitioners continue falling victim to cybercrime.

It will be remembered that cybercrime related claims are excluded from the LPIIF Master Policy (see clause 16(o)).

The extent of cyberattacks against law firms, globally, is highlighted in the article entitled ‘Law Firms’ Reported Cyberattacks Are ‘Tip Of The Iceberg’  by Xiumei Dong. As noted by the author, many of the cyberattacks go unreported. The article highlights the cybersecurity vulnerabilities in remote working and the fact that the full extent of the attacks may be more severe than currently reported.

As we approach the end of 2020, cybercrime may increase as cybercriminals seek ill-gotten windfalls ahead of the festive season. The cybercriminals, primarily, seek access to the finances and data held by legal practitioners. Several legal practices have also been targets of other forms of cyberattacks such as ransomware attacks.

Everyone in the legal practice must have a heightened alertness to cyber related scams and other scams. Cybercriminals succeed when the guard is lowered – do not let your guard down!

A lot can be written on scams, but, for present purposes, I will highlight just three of the many variations of scams targeting South African legal practitioners.

Scam 1 – The fraudulent change of banking details

Scam 2 – The Fidelity Fund overpayment of audit fee refunds

Scam 3 – The ‘cat fishing’ scam

Thomas Harban
General Manager,
Email: thomas.harban@lpiif.co.za
Telephone: (012) 622 3928

Risk Alert Bulletin December 2020