Cybersecurity Threats: Recent Instances of Trust Account Theft

March 27, 2025

In the last few weeks, the Law Society has received reports of cybercriminals calling lawyers pretending to be security or trust safety personnel from the lawyer’s bank. The cybercriminals use social engineering techniques to gain access to the lawyer’s trust account. Once access is gained to the trust account, the cybercriminals use electronic funds transfers to withdraw trust monies. This is a reminder to be suspicious of unexpected emails and telephone calls. If someone calls you and purports to be from your bank, hang up and call your bank back at their main contact number.

Our digital landscape is constantly evolving, and it is crucial to remain vigilant against a wide array of sophisticated cybersecurity threats. In recent years, there has been an alarming rise in social engineering attacks — where cybercriminals disguise themselves as trusted accounts or organizations to deceive unsuspecting recipients — as well as business email compromise attempts, which can result in fraudulent financial transactions and unauthorized access to sensitive data. Lawyers and their trust accounts are high value targets for a variety of types of cybercriminals.

To strengthen your defenses against these threats, it is important that you and your organization adopt proactive measures. These can include, but are not limited to:

Cybersecurity and Social Engineering Training – Engaging in regular cybersecurity training to ensure you and your employees know how to recognize and report potential impersonation attacks and business email compromise attempts.
Stringent email authentication protocols – Implementing protocols to verify the legitimacy of incoming messages and identify fraudulent ones.
Multi-Factor Authentication– Enhancing security with multiple authentication layers and robust password management practices to help protect business emails, bank login credentials and other vital programs. To add an additional layer of protection to bank accounts, consider adding secondary authentication to withdrawals, including electronic funds transfers from lawyer’s trust and general accounts.

By fostering a culture of heightened awareness and equipping ourselves with the necessary knowledge, we can all help mitigate the risks associated with these evolving digital threats.