Colorado Supreme Court
Office of Attorney Regulation Counsel
Promoting Professionalism. Protecting the Public.
Lawyers
Beware
Follow these six steps to protect
yourself from the latest scam targeting attorneys.
By APRIL M. McMURREY
Spring
2015
Most of us are familiar with the
"Nigerian scam"— a Nigerian official promises significant sums of
money if only the email recipient can provide a small sum of cash immediately. Even
if the content is not a giveaway, usually the grammatical errors alert the
reader, and most people avoid the trap.
However, in a new and more sophisticated
scam targeting attorneys, the red flags are subtle, if they exist at all, and
detecting the fraud is not so simple.
The scheme looks like this: A legitimate
closing is scheduled for the sale of property. An email hacker breaks into the
email account of someone involved in the closing, such as the seller’s closing
agent or attorney. The hacker communicates with the law firm or closing agent handling
the transaction. The hacker purports to be the seller of the property or the
seller’s real estate agent. The hacker provides instructions to wire the
proceeds of the sale directly to their bank account. Because the hacker has
assumed the identity of the seller/agent, when the email recipient writes back
with questions (attempting to verify the authenticity of the instructions), the
hacker again intercepts the email and responds. The funds are wired to the hacker’s
account, and once the fraud is discovered, the funds are already gone.
Because the funds are nearly impossible
to recover once the wire is complete, preventing this fraud is key. Attorneys
in Virginia, North Carolina, and New Hampshire have already reported this
conduct. Colorado lawyers are urged to take the following steps:
1.
Do not use email to confirm closing
instructions; rather, confirm instructions via letter or fax.
2.
If email instructions are provided, call the
client or sending party to confirm the instructions. Do not rely on a call from
the “seller.” In at least one instance, a law firm had in place two-level
confirmation to protect against such fraud, but because the hackers emailed and
called with the “new” instructions, the firm adhered to the hacker’s
instructions.
3.
Do not use telephone numbers that were
“recently” provided; rather, contact the seller/sending party via the original telephone
number provided.
4.
Review computer security frequently, including
email security for all employees; and when appropriate, implement new
technology and policies to ensure against vulnerabilities. For more information
regarding security, see recent OARC Update articles “11 Tips To
Safeguard Clients’ Digital Information,” “Padlock
Your Email,” and “Password Protection 101.”
5.
Review wiring procedures and analyze where the
firm may be vulnerable.
6.
Verify how your carrier may interpret this
conduct. When the legitimate seller demands “repayment,” there may be a claim.
Even if the carrier makes payment, the insured will likely still have the
deductible expense.
For more information about scams, read “Scams
Targeting Lawyers Get Sophisticated” or see the FBI’s list of common fraud schemes.
To report concerns regarding fraudulent
conduct, contact the Office of Attorney Regulation Counsel at (303) 457-5800 or
the Colorado Attorney General’s Office at www.stopfraudcolorado.gov.
April M.
McMurrey is an attorney in the intake division in the Office of Attorney
Regulation Counsel.