Description of Potential Fraud:


Law firms and lawyers take notice: cyber criminals are specifically targeting you because they want your data or the money in your trust account. Law firms are actually very appealing and sought-after targets for cyber criminals for three reasons. Firstly, law firms have large amounts of sensitive and confidential information that can be very valuable. Secondly, law firms tend to have very large sums of money in their bank accounts. Lastly, and not the least, relative to their clients and based on anecdotal information, law firms tend to have weaker security protection in place on their networks and systems.

In December, 2012, an Ontario law firm provided notice of a claim involving the infection of one of its computers by a Trojan banker virus. This was a very sophisticated fraud in which the firm’s
bookkeeper was induced, by a fraudster posing over the phone as a bank representative, to key in account and password information on her infected computer. Through the virus, the fraudsters were able to capture this information which they then used to access the firm’s bank account. Over the course of several days, fraudsters wired several hundred thousand dollars from the firm’s trust account to offshore accounts.

A more detailed review of how this fraud happened will help you appreciate how sophisticated these frauds can be. It appears the bookkeeper’s computer was infected when she clicked on a link on a popular news website. Despite being the most current version with all updates, the antivirus software running on her computer did not recognize or stop the infection.

After being infected, the bookkeeper’s computer appeared to have difficulties accessing the bank’s website. She got a “This site is down for maintenance” message. This was actually not a page from
the bank’s website; rather, it was a fake or “spoofed” page pretending to be the bank’s website. On another screen that appeared on her computer – which also looked like it was the bank’s real website – she was asked to enter her name and phone number. This appears to have given the fraudsters her contact information, as later that day the bookkeeper received a telephone call from someone, allegedly from the firm’s bank. That caller said she was aware of the login attempts and stated that the site had been down for maintenance. The caller said the site had been fixed and asked the bookkeeper to try logging in again. The bookkeeper did so, entering the primary and secondary login passwords for the account on screens that appeared on her computer – the passwords were not given to the person on the phone. The second password came from a key fob password generator. This appears to have given the hacker both passwords and access to the firm’s trust account.

On each of the following two days there were similar phone calls to the bookkeeper from the woman who allegedly worked for the bank to “follow up on the website access problems.” On each occasion, the bookkeeper tried to log in again and entered the primary and secondary passwords on screens that appeared on her computer.

The fraudsters went into the account during or immediately after each of the three phone calls and wired funds overseas. An amount less than the balance in the account was wired out each time. This was an infrequently used trust account and the firm had never done wire transfers from the account. The bank did not detect these frauds or stop the wires. The people behind this fraud appear to have had intimate knowledge of how to send wires from a bank account. By the terms of the banking agreements the firm had signed with the bank, the firm was responsible for replacing the funds that were taken out of the firm’s bank account.

Lawyers should not underestimate the sophistication of frauds targeting trust accounts. To better protect yourself from one of these frauds, see “Increasing your online banking safety” in Protecting Yourself from Cybercrime, The Steps You Need to Take from the December 2013 issue of LAWPRO Magazine.

Categories: Fraud Warnings