Fraud warning from the Law Society of BC regarding fake client payment instructions
The following is from an August 6, 2019 warning from the Law Society of BC. Similar attempts to divert funds have been reported in Ontario as well.
Fraudsters continue to target BC lawyers
“If you are about to pay out trust funds and your client’s payment instructions change, stop and ensure that the change is legitimate by making direct, in-person contact with your client and follow the tips found here.
Two BC law firms, one in BC’s interior and one in downtown Vancouver, have recently fallen victim to sophisticated social engineering frauds involving millions of dollars. One firm redirected over half a million dollars in sale proceeds that it was holding in trust for a real estate client. The firm’s original instructions were received in-person, from the client. Before wiring the funds to the client as originally instructed, the firm received an email, purportedly from the client but in fact from the fraudster, directing that the funds be wired to a different account. The client never received the funds as the lawyer sent the funds to the fraudster’s account. In this case, the email address used by the fraudster was identical to that used by the client.
The second firm redirected over 1.5 million dollars in investment funds it was holding in trust for a corporate client raising capital in a securities transaction. The firm originally received payment instructions from the corporate client. As in the first fraud, before wiring the funds to the client, the firm received an email, purportedly from the client but that was actually from the fraudster, directing that the funds be wired to a different bank account. The funds were sent to the fraudster and not received by the client. In this case, the email address used by the fraudster was identical to that used by the client, except for one letter.
Protect yourself from liability.
Any time a payment of trust funds is imminent, assume that a hacker is also aware. Any client’s or lawyer’s email account can get hacked allowing a fraudster to perpetrate a social engineering fraud on the lawyer. Establish due diligence protocols for transferring funds and ensure all staff receive training and adhere to them.”
Visit the Cyber Dangers page at practicepro.ca to learn more about the various sophisticated online scams targeting law firms and what can be done to protect yourself and your clients from being victimized.