From 2018 Fall Newsletter of AttPro Ally
Scammers are increasingly targeting lawyers by sending forged emails to law firms, their clients and/ or to financial institutions, instructing that funds be wired to accounts controlled by the scammers. The scam typically involves a compromised email account (which can be the lawyer’s, the client’s or even the bank’s) which scammers are monitoring to uncover pending transactions requiring an outlay of funds - such as a real estate purchase, a loan, or the settlement of a lawsuit. At the appropriate time when the parties are expecting a request for funds, the hackers (who often know exactly how much money is being transferred) will send wire instructions to the party holding the funds requiring that the funds be sent to the hackers’ account. The funds are immediately swept from the account, and the hackers disappear. The emails usually originate from an address that appears to be from a legitimate sender, but uses a similar, but slightly altered domain name. Sometimes the scammer will request a change to previous wire transfer instructions after a request has already been made (such as requiring a change in account numbers), or suddenly require that funds be transferred by wire when the original agreement was to pay by check.
For example, in a recent scam, hackers penetrated a law firm’s email accounts and monitored a lawyer’s account who was involved in settlement negotiations of a large commercial case. After the lawyer accepted a settlement on behalf of the client, but before the settlement agreement was signed, hackers, using an altered email account, sent an email to the lawyer’s client requesting that the client send the funds for settlement by wire transfer to the lawyer’s “trust account” in anticipation of the finalization of the settlement. The client followed the instructions, and the money disappeared. In another case, a lawyer received wire transfer instructions on a settlement for an amount lower than had been previously discussed, with a deadline by end of day. The lawyer was surprised at the lower demand, and called the opposing counsel to determine if the transfer of funds could wait until the following day. Needless to say, she discovered that no lower demand had been made, and opposing counsel had not sent the email at all. In another situation, on the day before the closing of a real estate transaction was scheduled, a client was sent a forged email which appeared to be from his lawyer instructing him to wire the funds needed for closing to the lawyer’s account. At closing, the parties discovered that the funds were missing, and no one involved in the closing had sent the email.
To avoid being a victim to one of these scams, attorneys should exercise a healthy dose of skepticism before any money is wired for a transaction. Look for inconsistencies with email such as various email addresses in use and different spellings of a name. Be wary when a party in a transaction suddenly changes their normal procedures, including instructions to wire money to a different account, using a personal email address as opposed to their usual work email, or contacting a different person at the company. All of these could be red flags to a potential scam. To confirm a proposed change, an attorney should first call the intended recipient to verify that the information is accurate and legitimate before transferring any funds. Additionally, lawyers should instruct clients and others that email instructions regarding wire transfers should always be viewed skeptically, and that confirmation by phone is an absolute must.
In fact, to the extent that wire transfers can be avoided altogether, lawyers should probably do so. While the UCC protects the sender of a stolen check with a forged endorsement, no such protection is afforded to funds wired to the wrong account. Sending money the old fashioned way through snail mail or by hand delivery may be slower and more cumbersome, but in today’s present climate, it’s far less likely to result in stolen funds.