April 19, 2018
A New Twist on the Bad Cheque Scam
The Alberta Lawyers Insurance Association (ALIA) has received word from Saskatchewan of a sophisticated bad cheque/email scam that is targeting law firms. The Saskatchewan Lawyers' Insurance Association released this warning on April 17, 2018:

The Law Society was informed about a recent fraud attempt on one of our Saskatchewan law firms and it was not the typical fraudulent cheque scam. The scam involved a law firm’s email server being hacked and the fraudster’s bank information being inserted into a legitimate chain of emails between two Saskatchewan law firms in order to misdirect trust monies. The sophistication of this fraud has increased, therefore, please be sure to share this fraud alert with all staff so that everyone is aware of the signs. 

Similar to the alert in October 2017, there was both a legitimate client and a valid real estate transaction. The Saskatchewan law firm representing the seller provided their trust letter along with attachments and a copy of their void cheque to the buyer’s Saskatchewan law firm via email. The very next morning, the buyer’s law firm received an email from what appeared to be the seller’s law firm, requesting the law firm deposit trust monies to a different trust bank account, due to an audit in-process. Bank account details were even provided on what appeared to be the seller’s letterhead with the lawyer’s signature. As a result, the buyer’s firm completed a direct deposit of the trust monies to the new bank account and emailed confirmation to the seller’s firm. Thankfully, the seller’s law firm noted the bank account discrepancy and notified the buyer immediately which allowed the buyer’s law firm to stop payment on the cheque. However, an hour later could have resulted in a completely different outcome.

Some of the red flags noted include:

  • Bank instructions were changed just prior to payment. Any change in banking instructions should be an immediate red flag. Also note, it is extremely rare that activity in a trust account would be affected in any way by an audit.
  • The “new” bank account was physically located in another province (i.e. outside of Saskatchewan). Other than a few exceptions, all Saskatchewan law firms must deposit trust monies to a Saskatchewan-based trust bank account.
  • All emails from the fraudster appeared to be identical to the legitimate email address, except for one email whose address contained an extra letter.
  • The font of the body of the letter was not consistent with the letterhead and the closing salutation.

In order to avoid falling for such a fraud, the following controls/actions are strongly recommended:

  • Discourage/eliminate the acceptance of banking details or wire transfer instructions via email;
  • If banking instructions must be received by email, you MUST confirm such details, especially any change in banking instructions, with the other party by telephone using confirmed contact information before disbursing monies (i.e. do not use contact information received via email);
  • Keep an eye out for inconsistencies in emails (i.e. email address slightly different from known email address, details within email that are inconsistent with file, poor grammar, unexpected foreign address, contact information that does not match client file records);
  • If a party’s email becomes hacked, cease to correspond with this party via email until their email is confirmed to be secure;
  • Share details of this scam with all firm staff; and
  • If your law firm is the party that was hacked, immediately contact your IT professional and immediately stop using email until your IT professional advises otherwise.

Please be extra diligent when paying any funds from your trust (or general) bank account. Again, any change in banking instructions should be considered a major red flag that requires extra attention. It is extremely rare to recover funds once disbursed, even in cases of fraud. In this case, the law firms involved were very fortunate. 

If you receive communications that appear suspicious, please send an email to the ALIAlert mailbox and, if possible, provide the potential fraudster’s contact information.

The Alberta Lawyers Insurance Association provides the ALIAlert service to all Alberta lawyers participating in the insurance program. If you believe that you have been targeted by potential fraudulent activity, please contact ALIAlert so that we may alert other members of the profession and avoid losses that increase the cost of everyone’s insurance.