A B.C. law firm recently paid out a six-figure sum — to a fraudster. The sophisticated scam, known as a social engineering fraud, showed the degree to which scammers today will go to swindle law firms and their clients.
The Law Society of British Columbia said the fraud, which likely took weeks, even months, started when the perpetrators hacked the law firm’s computer. They then patiently waited for an opportunity to arise. When one lawyer was away on vacation, the fraudsters sent an e-mail directly from the lawyer’s own account urgently requesting funds be transferred to a client’s bank account. The lawyer’s assistant tried to confirm the request, but the hackers blocked her telephone calls.
They also sent an e-mail response, again from the lawyer’s account, saying he was unable to speak with her at that time.
And the money was transferred to the fraudsters’ account.
Although it is difficult to quantify the number of scams involving lawyers and their clients — because so many go unreported — lawyers and law firms are a focus for many fraudsters. “The most sophisticated scammers are targeting specific types of lawyers and types of victims because their success rate is likely to be higher,” said Darrel Pink, who recently stepped down as executive director of the Nova Scotia Barristers’ Society in Halifax.
At present, in Alberta, the main types of frauds targeting lawyers are various forms of a phishing scam.
“They all appear to be designed to gain information that will enable fraudsters to steal money from lawyers, firms or their client’s bank accounts,” noted David Weyant, chief operating officer with Alberta Lawyers Insurance Association (ALIA) in Calgary.
ALIA itself has been targeted. The most recent alert dealt with a fake “Dropbox” e-mail scam that was sent to the association from what looked like a legitimate contact. Staff, suspicious of the e-mail, had the IT department review its contents. “It was determined that the e-mail’s ‘Dropbox’ attachment contained a virus that could have done some serious harm or provided the scammer access to our system,” said Weyant.
The type of scams targeting lawyers and firms can vary across the country. Currently bad cheque frauds are the most common scam targeting lawyers in B.C., Law Society of British Columbia spokesperson David Jordan in Vancouver told The Lawyer’s Daily. These scams were popular in Ontario a few years ago but now appear to be declining there, perhaps because of increased awareness, said Dan Pinnington, vice-president claims prevention and stakeholder relations with the Lawyers’ Professional Indemnity Company (LawPRO) in Toronto. These frauds involve having lawyers deposit a bogus cheque into their firm’s trust account then dispersing funds to the fraudster before discovering there really is no money.
Ransomware may be gaining ground. As the name implies, hackers gain control of a firm or individual lawyer’s computer system and demand payment to release the contents. Two to three years ago, the ransom demanded was usually $200 to $300 and most often in bitcoin, which is untraceable. Today, that demand can be as high as $15,000, said Pinnington. “Ransomware is out there. It is happening to firms. User awareness is key to avoiding ransomware.”
Common sense and stringent financial protocols are critical elements in fraud prevention. “Do not click on celebrity news links. Do not click on attachments from strangers,” noted Pinnington.
And do not bow to pressure from presumed clients, prospective clients or potential colleagues — especially if they are in a hurry, willing to cut corners and are not concerned about the cost of your accommodation. “The more distant the relationship with the person, the bigger the warning signs,” said Pink.
Awareness and diligence are the two key tools in preventing the majority of scams from succeeding. “The most important steps are for lawyers to educate themselves and their staff about the types of scams and how to avoid falling victim to them,” said Jordan.
Lawyers also need to speak up about fraud attempts and pay it forward, said Weyant. “We can alert other lawyers on how to recognize and avoid these scams.” A B.C. law firm recently paid out a six-figure sum — to a fraudster. The sophisticated scam, known as a social engineering fraud, showed the degree to which scammers today will go to swindle law firms and their clients.
The Law Society of British Columbia said the fraud, which likely took weeks, even months, started when the perpetrators hacked the law firm’s computer. They then patiently waited for an opportunity to arise. When one lawyer was away on vacation, the fraudsters sent an e-mail directly from the lawyer’s own account urgently requesting funds be transferred to a client’s bank account. The lawyer’s assistant tried to confirm the request, but the hackers blocked her telephone calls.
They also sent an e-mail response, again from the lawyer’s account, saying he was unable to speak with her at that time.
And the money was transferred to the fraudsters’ account.
Read the full story at The Lawyers Daily.
This story was summarized by Canadian Fraud News Inc.
