Holiday season is an appealing time for fraudsters to try their scams by taking advantage of when law offices have fewer staff working and there are added distractions. If you plan to be away from the office, arrange for a competent lawyer to supervise your practice and provide the lawyer and your staff with your contact information. Make sure that the lawyer and staff will ensure compliance with the anti-money laundering obligations in the Law Society Rules Part 3, Division 11 – Client Identification and Verification and BC Code rule 3.2-7. Further, staff may not deal with trust funds, except in accordance with the Law Society Rules Part 3, Division 7 – Trust Accounts and Other Client Property. We also strongly recommend that you review the social engineering tips found here with all staff.
Ensure you and your staff maintain an awareness of the different cyber risks including social engineering fraud, ransomware and data breach, and especially heed the following:
- Think before you click! If you unexpectedly receive a link or attachment – even if it is from someone you know – or sense anything unusual, call the sender using the telephone number you have on file (not the number listed in the message) to confirm the message is legitimate – do not verify an email with an email. If you open a link or attachment that you should have avoided, or a box opens that asks for your information, stop. Close out. Immediately call your IT professional, inform your law firm staff, and report the incident to the cyber insurer for law firms, Coalition, Inc.
- Before paying out any funds to your client, verify the email instructions are legitimate through direct phone (using the number on your client file) or in-person contact with your client.
If you suspect that you have been the victim of a cybercrime, report the incident immediately. Report, even if you have escaped a loss, as the fraudster is often still lurking in your system waiting for the next opportunity to defraud you.