The Solicitors Regulation Authority (SRA) are warning firms to be wary of scammers tricking them into disclosing bank security information over the telephone.
Four firms have been targeted this way recently, and collectively have had £2 million taken from their accounts. The scammers gain the confidence of those they call – known as social engineering – to obtain important information and access account funds.
Specifically, they ask for "challenge and response" codes, which are used to authenticate payments and in some cases digital banking log on and password credentials.
Firms are advised that banks will never ask for passwords or response codes over the telephone.
Robert Loughlin, SRA Executive Director of Operations, said: "These scammers are very active and convincing. They are highly sophisticated in their approach and therefore very capable of duping many people."
Banks suggest that firms independently validate callers by contacting somebody they already know at the bank, preferably using a separate telephone line, for example a mobile line, as there have been examples of scammers keeping the line open to intercept any follow-on call to check.