Fraudsters strike two BC firms amid summer surge in attacks

LIF has received reports of one funds transfer fraud and one identity fraud in BC so far this summer. Here are the details:

Funds transfer fraud

A lawyer in the Interior narrowly escaped a funds transfer fraud. The lawyer was representing a client in a civil litigation matter and had successfully reached a settlement. Shortly thereafter, she received an email appearing to originate from her client but was actually from the fraudster, requesting that the settlement funds be wired to a Canadian bank account. The payment instructions came from the client’s email address, and the bank details provided matched the institution previously used by the client, but the account details were different. Fortunately, the lawyer followed secondary verification protocol. She initiated a telephone confirmation and, due to her suspicions, also arranged an in-person meeting with the client. During that meeting, she hand-delivered a cheque to the client for the settlement funds and confirmed the fraud attempt. Initially, she believed that only the client’s email had been compromised. However, after following our recommendation, she consulted both her IT service provider and Coalition. A subsequent investigation revealed that her firm’s IT system had in fact been breached and several other potential fraud attempts were stopped.

What can you do about funds transfer fraud?

Cybercriminals hack into law firms’ networks to intercept communications and trick lawyers into redirecting wire transfers based on emails that appear to come from clients, opposing counsel, or other parties related to the matter. Traditional red flags — such as a change in payment instructions, spelling mistakes, or reference to a foreign bank — are rarely seen. Today’s sophisticated fraudsters break in and monitor communications, waiting for opportunities. They sometimes get in at the front end by providing the initial payment instructions.  Secondary verification of all payment instructions is therefore essential.

Before paying out funds in any matter, verify that the payment instructions your firm received by email are legitimate through direct phone or in-person contact with the instructing party. Use a checklist for every payment instruction to avoid becoming the next victim. If you have fallen victim to a funds transfer fraud, immediately notify your bank and request a claw-back of the funds. Next, contact your cyber insurer and IT department to ensure the fraudster is not lurking in your system, and then report to us. Review our Notice to Lawyers for details of funds transfer frauds and to access additional resources.

Impersonation scams

Physical impersonation of a lawyer: A Vancouver personal injury lawyer acted for an elderly client. A fraudster visited the client’s home, falsely claiming to have been sent by the lawyer and requested that she sign documents allegedly related to her property. The client complied, believing the individual was acting on her lawyer’s behalf.
Later, she contacted the lawyer to ask what additional steps were required. The lawyer informed her that he had not sent anyone to her residence and had no knowledge of the documents in question. Unfortunately, the client is unsure what she signed and is taking further steps. An investigation is currently underway to determine if the law firm’s IT systems and client information were compromised.

Virtual impersonation of a lawyer: Clients have also been victimized by cybercriminals who have impersonated lawyers and their staff by phone and email to redirect client funds to themselves.

How can you protect your clients?

To help safeguard your clients, inform them about these threats. When you provide clients with your trust account information, consider advising them in writing that you will not change it. Encourage your clients to contact your office directly by phone to confirm your account information before wiring any funds to you.