In the last couple of weeks the CLC has been notified of 3 almost identical cyber incidents from our regulated practices.
Hackers had secured access to an individual’s email account, probably through a phishing email.
The hacker then set up rules on that email account to forward either all emails, or only emails containing key words, to themselves. Key words might include sort code, exchange, bank details, payment etc.
The hacker could then send emails to the client, purporting to be from the practice, with revised bank account details.
This is a variant on previous themes, but the advice and the steps that can be taken to mitigate it remain:
- Train your staff not to open suspicious emails,
- Run regular security checks on your IT systems for any breaches,
- Check that none of your email accounts have an auto-forward on them (if you are unsure how to do this, talk to your IT support),
- Only advise clients of bank account details through a secure medium,
- Advise clients to be suspicious of emails advising on any changes to bank account details, or requesting monies, and to ring if they are not sure.
In light of these incidents CLC Regulated practices are encouraged to run security checks on their systems on a regular basis, and to check their systems have not been compromised in this way.
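One way to carry out the auto-forward check described above, as an added example that is not part of the original CLC notice. It assumes your IT support has exported each mailbox's rules into a simple list; the field names (mailbox, name, forward_to, keywords), the domain practice.example and the sample rules are all constructed for illustration.

```python
# Added example: audits a constructed, platform-neutral export of mailbox rules.
# Field names (mailbox, name, forward_to, keywords) are assumptions, not a real API.
INTERNAL_DOMAINS = {"practice.example"}  # assumption: the practice's own domain(s)
FINANCE_TERMS = ("sort code", "exchange", "bank details", "payment")  # from the notice

SAMPLE_RULES = [  # constructed sample data
    {"mailbox": "a.smith@practice.example", "name": "Archive newsletters",
     "forward_to": [], "keywords": ["newsletter"]},
    {"mailbox": "b.jones@practice.example", "name": ".",
     "forward_to": ["collector@mail.example"], "keywords": ["Sort Code", "payment"]},
    {"mailbox": "c.patel@practice.example", "name": "Copy to assistant",
     "forward_to": ["d.lee@practice.example"], "keywords": []},
    {"mailbox": "e.khan@practice.example", "name": "fwd",
     "forward_to": ["E.Khan@Webmail.Example"], "keywords": []},
]

def domain_of(address):
    """Return the lower-cased domain part of an email address."""
    return address.rsplit("@", 1)[-1].strip().lower()

def audit_rule(rule, internal=INTERNAL_DOMAINS):
    """Return a list of reasons the rule needs review (empty list = nothing found)."""
    reasons = []
    external = [a for a in rule.get("forward_to", []) if domain_of(a) not in internal]
    terms = [k for k in rule.get("keywords", [])
             if any(t in k.lower() for t in FINANCE_TERMS)]
    if external:
        scope = "keyword-matched mail" if rule.get("keywords") else "ALL mail"
        reasons.append(f"forwards {scope} outside the practice: {', '.join(external)}")
    if terms:
        reasons.append(f"triggers on payment-related words: {', '.join(terms)}")
    return reasons

def audit(rules):
    """Map (mailbox, rule name) -> reasons, for every rule with at least one finding."""
    findings = {}
    for rule in rules:
        reasons = audit_rule(rule)
        if reasons:
            findings[(rule["mailbox"], rule["name"])] = reasons
    return findings

if __name__ == "__main__":
    for (mailbox, name), reasons in audit(SAMPLE_RULES).items():
        for reason in reasons:
            print(f"{mailbox} rule {name!r}: {reason}")
```

Any rule this reports should be confirmed with the mailbox owner; a rule they did not create is a sign the account has been compromised.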
If you have any concerns over your IT security, please contact your Regulatory Supervision Manager to discuss: firstname.lastname@example.org