In the article “Danger: When a hacker emails you instructions in the name of your client” we warned lawyers to be aware of the danger of fake emails from the client attempting to redirect funds in a real estate purchase.

In a new twist on this scam, a firm informed us that their client was targeted by emails that appeared to come from the firm asking that the deposit on a real estate transaction be deposited in a different account. On the surface, the email looked legitimate. The fraudsters even went to the trouble of copying the firm’s letterhead for a pdf attachment outlining the fake wire instructions. The only change to the letterhead was the insertion of a non-existent employee who was supposedly sending the instructions.

Fortunately, the fraud attempt was spotted and the firm changed their email and server passwords

As “spear phishing” attempts like this become more sophisticated, firms should familiarize themselves with how they work (see Don’t take the bait on a spear phishing attack).

Clients should be advised that any instructions regarding the transfer of funds should be confirmed independently via a telephone number the client was previously using to communicate with the lawyer.

Categories: Fraud Prevention