There’s a knot in your belly. Earlier today you received an email from your client asking you to wire the proceeds of a large real estate transaction to an updated account number. You complied, of course. It’s their money after all.
At least, you thought it was your client. It looked like an email from your client. It read like an email from your client. And they knew all the details of the transaction. But now your client is saying they never sent such an email and never received the funds you transferred.
You’re the victim of wire fraud, you’ve lost trust funds belonging to your client, and your basic malpractice insurance may not cover what could be a massive amount of liability.
In these scenarios, fraudsters can discover the details of a specific matter involving a large sum being held in a trust account. These details may be gleaned from gaining access to a lawyer or staff member’s email account and reviewing all communications related to a legal matter, or the details could be acquired from another party. But somehow, the fraudster learns enough to convincingly disguise themselves as a known party entitled to funds held in the trust by the lawyer. The fraudster then sends the lawyer a phony email giving “instructions” for funds to be transferred to an account controlled by them. And with one click, hundreds of thousands, or even millions of dollars can be lost.
Thankfully, there are things you can do to help avoid experiencing these nightmare scenarios.
1) Call before you click.
If you receive instructions by email from a client, other lawyer, or third party that involves transfer of funds, always pick up the phone and call the individual to verbally confirm those instructions.
2) Train your lawyers and staff
Make sure all the lawyers and support staff in your firm are aware of the likelihood of spear-phishing attacks and phony wire transfer instructions, as well as the need to verbally confirm any changes to wire-transfer instructions received by email.
3) Warn your clients
Alert your clients of the dangers associated with wire fraud and advise them to verbally confirm with your firm any bank account details received by email.
Shawn Erker (@ShawnErker) is Legal Writer & Content Manager at LAWPRO.