The Law Society of British Columbia published the following warning to its members on December 15, 2017.

A BC law firm has fallen victim to the sophisticated “phony direction to pay” social engineering fraud. Here’s what happened. The perpetrators hacked the firm’s computer, and then monitored the firm’s email traffic for some time before making their move. As soon as the lawyer was on holiday, the fraudsters appear to have sent an email – directly from the lawyer’s own email account – urgently requesting that the lawyer’s assistant immediately transfer funds to a client’s bank account (in reality, the fraudsters’ account). Although the assistant diligently attempted to reach the lawyer to confirm the instructions, the hackers intercepted and blocked her telephone calls. In addition, they responded to her email request to the lawyer to please telephone her by sending an email, again from the lawyer’s account, advising that he was tied up and unable to speak. The funds were transferred, leaving the firm with a significant trust shortage.

Protect yourself. If there is any request to transfer funds or any change in payment instructions, consider the possibility that a fraudster is at work. Ensure every request is verified through direct, in-person contact with the author. Establish protocols for transferring funds and adhere to them. Find more detailed information about the social engineering scams that trick lawyers into willingly paying funds out of trust, as well as all of our tips to keep you safe, here. And be sure to share this information, as well as our resources, with your key non-lawyer staff.

HOLIDAY ALERT: Be on high alert for scams during the holidays. Arrange for a competent lawyer to supervise your practice and provide your contact information to the lawyer and your staff.

We have seen similar fraud attempts in Ontario, including one that nearly 100 firms reported to LAWPRO (Recent increase in spear phishing emails targetting Ontario firms.) To learn more about these kinds of frauds and other online threats, visit practicePRO’s Cyber Dangers page.

Categories: Fraud Prevention