FEBRUARY 2025 – ARTICLES & ITEMS OF INTEREST

Home of the Q Standard

FEBRUARY 2025 – ARTICLES & ITEMS OF INTEREST

   ARTICLES & ITEMS OF INTEREST    February 28, 2025  |  0

FEBRUARY 2025 – ARTICLES & ITEMS OF INTEREST

CYBER ATTACK CASE STUDY & TIPS FROM BANKING AND PAYMENTS FEDERATION IRELAND

This month O’Leary Insurances, now rebranded to Brown and Brown, issued their first newsletter for 2025.  

The newsletter details the circumstances how one Irish business experienced a devastating cyber-related financial loss exceeding seven figures.  Despite being a relatively small company, it fell victim to a highly sophisticated attack that resulted in substantial monetary theft.  The impact was severe—most of the stolen funds were never recovered, leaving the company in a precarious financial position. 

Tuesday – Our customer was contacted by phone by people claiming to be from their bank. The malicious actor had an Irish accent and presented various details to reassure the customer that they were from the bank in question, for example, they knew details such as the company’s bank account number. The criminals mentioned a suspicious transaction on the account, as if they were acting in their interests protecting our customer, and they ended the call suggesting that the customer check all transactions. 

Thursday – The next step of the ruse was for another individual professing to be from the bank to call our customer again a couple of days later, quoting the account number and a case reference number they had created. They told the customer they had to do a profile reset.  Our customer was transferred to someone purporting to be from IT.  Both of these individuals also had Irish accents; in the mind of our customer, this is now a genuine call with their bank.  The ‘IT’ team shares a website link with the customer.  When opened, it looks like a genuine bank website.  During this chat, IT extracted the online login codes from the customer.  They now have the information they want to access their bank account.  The criminals say that the reset will take 24-48 hours to go through. This reassures the customer and they don’t check their bank account during this time as a result. 

Friday – The criminals are using this time to transfer funds out of the account. All the while, they are ringing our customer and gaining access to the approval codes for transfers, under the guise of it being part of the reset of their account.  Later on Friday, the bank contacts our customer flagging unusual activity – several transactions across Thursday and Friday.  At this point the reality of what had happened hit.” 

The newsletter also contains tips from the Banking and Payments Federation Ireland to protect yourself from phone and text scams: 

  • Do not reply to unsolicited text messages or provide personal or financial information. 
  • Do not use phone numbers provided within the text of a text message. 
  • Contact your bank using the number on the back of your debit / credit card. 
  • Do not click on a link from unsolicited text messages – remember your bank will never send you a link in a text message. 
  • If someone is pressurising you on the phone to take urgent action, hang up and call the number on the bank of your debit / credit card. 
  • Never give away personal information, bankcard payment details, bank account details or security details such as your PIN or online password to anyone.

To view this article in full see https://www.olearyinsurances.ie/contentFiles/newsFiles/CyberMatters_Newsletter_-_Brown_&_Brown_Feb_2025.pdf 

FRAUD WARNING AFTER SOPHISTICATED FRAUD ATTEMPT ON AN IRISH LAW FIRM

On the 14 February 2025, the Law Society of Ireland reported that it had been notified of an unsuccessful attempted cyberattack, using a sophisticated approach and mirroring a bank’s valid fraud number.

In this instance, the fraudster purported to be calling from the practice’s bank, AIB.  The caller, speaking with an Irish accent, followed the banks normal procedure lending to the authenticity of the call.  He claimed that there was an attempted fraudulent payment on the client account and requested that the solicitor follow a url so that he could help resolve the issue.

At this point the solicitor stated that they wished to contact the bank to verify the call and requested the caller’s name and direct dial. The fraudster stated that bank practices prevented him from disclosing his direct dial number but that he would hang up, and phone back from the bank’s main fraud phone number and that the solicitor could google the bank’s fraud phone number to verify. 

The fraudster did so and the phone number displayed was that of the bank’s fraud number. The solicitor separately contacted the bank, who confirmed that this was an attempted fraud and that fraudsters are able to mirror bank phone numbers. The solicitor ended all communications with the fraudster.  The bank confirmed to the solicitor that, if they had followed the url, they would have allowed the fraudster access to their system.

Checking legitimacy of calls

  • Solicitors are urged to remain vigilant and to end any suspicious call and contact their bank through a known phone number to verify the bona fides of the caller.  
  • Solicitors should never go to a website or click on a link that is sent to them, nor should they allow anyone to take remote access of their computer.
  • In addition, they should never give anyone a one-time code from the online banking app, no matter who they say they are or why they say they need the code.

To view this on the Law Society website and see links to other similar fraud scams see https://www.lawsociety.ie/news/news/Stories/cyber-security–unsuccessful-remote-access-fraud-attempt/ 

NEW HEAD OF AML, LAW SOCIETY OF SCOTLAND OFFERS ADVICES

On the 4 February 2025, the Law Society of Scotland introduced their new Head of Anti-Money Laundering, Gemma Turnbull.

When asked what she thinks is the biggest risk facing the legal profession today she states:- 

In my opinion, the biggest risk to the profession is also the one thing that has the potential to bring revolutionary positive change and that is artificial intelligence (AI).  The recent advancements in AI have massive implications in the fight against money laundering, especially in terms of the production of fake identification and evidence.  However, an example of the flip side of this is that advancements in technology have shown the potential for significant efficiency gains through activities such as automated document drafting.”

When asked if you could give one piece of advice to members about AML, what would it be?, she replied:- 

“If something doesn’t seem right to you, trust your instincts.  AML compliance isn’t solely about getting ID and source of wealth information to tick a box.  It is imperative to apply a ‘makes sense’ check to ascertain if what you are being asked to do seems correct given the circumstances.

For example, does the coffee shop in the West End of Glasgow need a storage facility in Jakarta?  Maybe it does and this is totally legitimate, or maybe this is a red flag that something is amiss.”   

To view this article in full see https://www.lawscot.org.uk/news-and-events/blogs-opinions/meet-our-new-head-of-aml-gemma-turnbull/

HIGHEST GDPR AWARD FOR DAMAGES IN AN IRISH COURT 

On the 17 February 2025, the Law Society of Ireland published an article titled “Highest GDPR award for damages in an Irish Court” it references the article written by Rachel Hayes, Adele Hall and Aoife Keenan of William Fry.

The following are extracts from the article.

“The Circuit Court awarded €7,500 in a personal-data-breach claim against the Government agency, Tusla.  This case marks the highest award of damages under the GDPR in the Irish courts to date.

The case concerned the unlawful disclosure of highly sensitive personal data, causing significant distress and damaging family relationships.  The plaintiff instituted proceedings for damages arising from a personal-data breach caused by the negligence and breach of duty on the defendant’s part.

The personal data included the plaintiff’s highly sensitive and confidential data, which was processed and circulated by the defendant to a third party without the plaintiff’s consent.

The personal data, which was the subject of the breach, related to abuse suffered by the plaintiff during her childhood.  The information disclosed included a detailed attendance note on the abuse. The plaintiff alleged that the unlawful disclosure caused damage to her relationship with her family and that she suffered upset and distress as a result.

The plaintiff successfully demonstrated that the personal-data breach, which involved the unlawful disclosure of sensitive information to a family member, caused substantial damage to her familial relationships.

The court concluded that the damage was genuine and not trivial, warranting an award of €7,500 for non-material damages.

The court’s decision demonstrates the serious nature of the breach and sets a precedent for future GDPR-related claims in the Irish courts.”

To view this article in full see https://www.lawsociety.ie/gazette/top-stories/2025/february/highest-gdpr-award-for-damages-in-irish-court/  

 

UK FIRM FINED £31,217 FOR DISREGARDING AML RULES OVER SIX YEARS

On the 25 February 2025, the Law Society of England and Wales reported on how the regulator has issued one of its biggest anti-money laundering fines yet.  A fine of £31,217 was issued against a firm that failed to comply with the rules for six years. 

Inspectors assessed six files handled by Manchester firm Nexus Solicitors and found none which contained a compliant risk assessment.  This was despite the firm’s staff handbook referring to a risk assessment and due diligence form and setting out a process for checking clients.

The Solicitors Regulation Authority said that the firm failed to document any risk assessment or provide a clear audit trail of the decision-making process, methods and rationale.  Based on the six randomly-selected files, it was evident that staff were not following proper processes from 2017 onwards.

On four matters, Nexus also failed to comply with its obligations around source of client funds checks.  These files had involved foreign nationals and showed red flags on an e-verification report, but there was a lack of scrutiny about where clients resided or where their money was coming from.

To view this article in full see https://www.lawgazette.co.uk/news/firm-fined-31000-for-disregarding-aml-rules-over-six-years/5122456.article

DO YOU HAVE A MANDATORY RETIREMENT POLICY – SOLICITOR FORCED OUT AT 63 WINS AGE DISCRIMINATION CASE

A recent judgment on age discrimination case will be of interest to law firms with mandatory retirement policies.

To view the article relating to the age discrimination case see https://www.lawgazette.co.uk/news/solicitor-forced-out-at-63-wins-age-discrimination-case/5122451.article 

AMERICAN LAWYER LOST €765,000 IN A SCAM INVOLVING FAKE IRISH FIRM

On the 18 February 2025, the Irish Legal News website referenced an article appearing in the Irish Independent about how an American lawyer has said he lost more than €750,000 in a so-called “romance scam” involving a fake Irish law firm.

The fraud involved someone posing as a solicitor from “Rowan and Walsh Law”, a fake law firm that purported to be based in Dublin.  You may recall the LSRA issued a warning about “Rowan and Walsh Law” last month, making clear that it is not registered with the Law Society of Ireland.

The victim, in New Jersey, said he was convinced to hand over more than $800,000 (around €765,000) to someone he met on a dating website but had never met in person.  This person, who he believed to be a woman living in Texas, told him that she was the owner of valuable diamonds, which were held in Ireland and were at risk of passing into the ownership of the State.

He was offered a share of the proceeds if he helped to cover the costs of importing and selling the diamonds, and was persuaded after seeing documents which “appeared authentic”.

After he realised that “Rowan and Walsh Law” was not a real firm, the woman vanished and his money was gone.

To view this article in full see https://www.irishlegal.com/articles/american-lawyer-lost-eur750k-in-scam-involving-fake-irish-law-firm 

UK – AML FINES

On the 4 February 2025, the Law Society of England and Wales reported how the Solicitors Regulation Authority has issued another batch of fines relating to firms not able to show they were complying with anti-money laundering regulations. 

Duffield Harrison LLP, based in Hertfordshire, received a fine of £25,000.  The regulator had assessed six client matters and found the firm failed to adequately conduct client risk assessments for each.  The firm also failed to maintain records of its risk assessment, so was unable to show the extent of the measures it had taken to meet the regulations.

The SRA said the firm has since demonstrated that risk assessments were being done on files, since at least 2012, albeit were not present on the six files selected for review.  A new fully compliant policy for risk assessment has now been put in place and communicated to all fee earners.

Other AML-related fines issued include – The Commercial Law Practice in Dorchester (£11,579), Burch Phillips & Co from west London (£3,370) and Steinbergs Solicitors from Liverpool (£3,778) and WGS Solicitors London (£25,258).

To view the related articles see https://www.lawgazette.co.uk/news/four-more-firms-hit-with-sra-fines-for-aml-failings/5122240.article   

and

https://www.lawgazette.co.uk/news/law-firm-and-partner-ordered-to-pay-53000-in-fines-and-costs-for-aml-failures/5122418.article

Recent Comments

    Suite 10027, 26 Upper Pembroke Street Dublin 2

    info@lqsi.ie

    (01) 2343727

    © 2025 THE LQSI.

    error: Content is protected !!