Wire fraud is becoming increasingly complex and frequent in the lawyer’s practice space as the electronic transfer of funds is becoming a norm in society. Consequently, it is critical to have sound practices and protocols in place to protect private information and funds from unintended parties and fraudsters who have developed a number of schemes to steal funds through the wiring process.
A typical scenario recently played out with a Real Estate attorney (the Insured) who inadvertently wired funds to a fraudulent party after receiving bogus wire instructions. The way the scam worked, in this case, was that an e-mail system was hacked on the client’s end. The bad actor was then able to block legitimate e-mails coming from the Insured from getting through to the client. A false e-mail address closely resembling the Client’s was created by the fraudster who began emailing the Insured regarding the real estate transaction, for which the Insured was holding his funds. The Insured then received false instructions from the fraudster and then wired a significant sum of money to a wrongful party. Knowing that time is of the essence to recoup or claw back wired funds, the fraudster also sent e-mails to the client in order to create more time before the diversion could be discovered. Specifically, the fraudster e-mailed the client (who never requested a wire of funds) stating that “the check was in the mail”.
Experts in the financial and real estate industry will opine that the party wiring funds has the responsibility to verify that the party to whom the funds are being sent is legitimate before wiring occurs. This minimally means using a phone number from the initial inception of the relationship to validate the details of the wire.
In addition to the above, there are often many clues that would raise flags concerning the propriety of the wire request being made. Indeed, in the situation referenced above, the email addresses were closely similar but incorrect. Business logos that previously had been on e-mails were no longer there. In addition, some of the phrases and salutations were out of character coming from a client with whom they had a long-term relationship.
If your business wires funds or deals with a partner or client that issues electronic transfer of funds, you are a target and should take additional steps to protect your business from becoming a victim.
The best prevention is to avoid wire transfers. However, if that is not a realistic option, NEVER approve a wire payment, or allow your staff to set up a wire transfer without verifying the information with the client or business partner via telephone call.
ALWAYS call a number that you have previously used, NEVER confirm by using the phone number listed in the email requesting the payment. ALWAYS strive to speak to someone you already know.
ALWAYS closely inspect the e-mail address and details in any correspondence with wiring instructions.
Additional tools to confirm the wiring process is safe include: proper security software, regular software updates, computer system reviews, multi-factor authentication, and employee training, etc.
As the schemes to defraud are becoming more complex, so too must the defenses be established to avoid a situation that could devastate a client, and/or a Law Firm's Practice.