For years, lawyers have been encouraged to carefully scrutinize email headers, letterhead, and names and addresses on any communications related to a wire transfer.
Those remain important and oft-effective precautions, but fraudsters are quick to adapt.
With millions of dollars on the line and sophisticated technology at their fingertips, today’s cybercriminals are finding new ways to target lawyers and intercept wired funds.
Here’s what you need to know to detect and avoid attempted fraud:
- Wire transfer instructions may be fraudulent even if there are no discrepancies in the email header. For many years, these scams relied on a forged email address that looked legitimate until closer scrutiny revealed a missing letter — or perhaps two v’s substituted for a w. But today, it is possible for criminals to fake an email without changing the sender’s email address. You may find that the law firm letterhead, the parties’ names, and their addresses all check out — with none of the usual red flags for fraud.
- The criminals might even use a trust account at the right bank. Perhaps you’ve been told in the past that a last-minute change of banks is a warning sign. That’s true. But it’s also possible that the criminal has been monitoring correspondence related to the transaction for a while and has had time to create an account — perhaps even a trust account — at the appropriate bank.
- The falsified bank account number may be off by only a digit or two. Criminals are counting on lawyers and their support staff to overlook a very slight discrepancy in the bank account number.
- The fraudulent email may look identical to previous and legitimate correspondence. If hackers have been monitoring communications concerning the transaction, they can effectively mimic the format, language, style, and tone you’re used to.
Lawyers and Support Staff Must Be Extraordinarily Vigilant
As attorneys become increasingly familiar with the “old tricks,” today’s criminals are adapting and finding new ways to perpetrate a fraud. While we encourage lawyers to continue carefully scrutinizing emails to guard against a whole host of pernicious threats — malware, ransomware, phishing schemes, and more — we also urge you to remember that a careful scroll through the email may not be enough.
Always call the other party to verify wire transfer instructions. Even when the closing date looms large, vigilance is a must. Criminals will exploit a nearing deadline or a time crunch to take advantage of busy lawyers and their support staff.
These new types of schemes can be especially difficult to identify. We hope that this reminder will inspire renewed vigilance so that you and your practice can circumvent these bad actors’ best efforts.