Notice to lawyers
December 15, 2021

Several BC law firms have recently fallen victim to cybercrimes.  

At one firm, the criminal spoofed a lawyer’s email address and sent a fraudulent invoice to his assistant for payment. The assistant asked the lawyer for a file number to process the invoice. They discovered the invoice and email were fraudulent, made no payment, and thought they were in the clear. However, on the same day, the hacker tried again and accessed the assistant’s email. The hacker caused 1,850 emails to be sent to about 850 people from the assistant’s account. The message asked recipients to click on a link. Several people emailed the assistant to check its legitimacy. The hacker intercepted those emails, and emailed them back saying that it was and that they should click on the link.

At another firm, an in-house bookkeeper’s email was compromised. The hacker sent an email to the firm’s bank and requested that funds be sent to another bank. It was fortunate that in this case the bank contacted the firm personally to confirm the transfer to the different bank account and the firm was able to stop the transfer.

At a third firm, a lawyer received an email that he thought was from their storage provider stating that the firm’s disc space was full and including a log-in link. The email, link and log-in page were convincing, but fraudulent.

As always, be vigilant by remembering:

  • If you sense anything unusual, hover over the name of the person sending you the email to ensure that the email address is correct. For example, an email from someone within your firm should have the same domain you use.
  • If you unexpectedly receive a link or attachment – even if it is from someone you know – or sense anything unusual, call the sender using the telephone number you have on file (not the number listed in the message) to confirm the message is legitimate. Do not verify an email with an email.
  • If you open a link or attachment that you should have avoided, or a box opens that asks for your password or other information, stop. Close out. Immediately: call your IT professional, inform your law firm staff, and report the incident to LIF’s cyber insurer for law firms, Coalition, Inc. Their contact details can be found here.
  • Avoid using public, unsecured Wi-Fi. The person sipping a latte to your left may be stealing your passwords.
  • Do not access private or confidential information in public spaces.

Talk to your IT professional about our top five recommendations to avoid cyber risk:

  • Multi-factor authentication – Ensure two pieces of information are required to access email or your computer network. If a criminal acquires only one, your computer network may still be safe.
  • Routine backups – Regularly back up your systems and information to a location that is not connected in any way to your network.
  • Email security – Email is the single most targeted point of entry into an organization for a criminal hacker. Talk to your IT professional or Coalition, Inc. about measures including SPF, DKIM, DMARC, and an anti-phishing solution to protect your domains against abuse in phishing or spoofing attacks.
  • Wire transfer verification – Do not accept emailed instructions to transfer funds unless your client has confirmed the instructions by phone or in person – and make sure you have an accurate phone number.
  • Password management – Create strong, unique passwords for each account. Change them regularly and never share passwords with anyone. Encourage employees to use a password manager.

Coalition’s policy is claims-made and applies to data (privacy) breaches, network security failures and common cybercrime risks – funds transfer fraud, social engineering fraud and cyber extortion. You have access to an industry-leading 24/7 incident response and claims team, so report all incidents immediately to Coalition, Inc. even if you think your incident was a “near miss.” Their security team can ensure you have no remaining risk.  

Further information, including links to pre-recorded webinars, details on coverage, risk management and FAQs, is available here. If you have questions about LIF’s new cyber program, email Shelley Braun at

For the latest updates from LIF, follow us on Twitter @Lifbc.