ALIAlert: COVID-19 Pandemic Increases Cybersecurity and Fraud Risk
|
|
ALIA is warning Alberta lawyers to be vigilant against attempted cybersecurity and fraud scams, as the current COVID-19 pandemic has resulted in a spike in reports of such scams both generally and against lawyers.
ALIA also is asking Alberta lawyers to continue reporting attempted frauds and scams to
ALIAlert to help facilitate warning the profession of fraudulent activities.
Fraudsters prey on fear and uncertainty. Opportunities for scams and fraud can proliferate in the presence of unusual events such as office closures (including remote working arrangements), economic instability and stressful times.
A wide range of scams are being reported by various agencies, including Alberta Health Services and the Canadian Anti-Fraud Centre, as well as by companies and law firms. While many of these scams target consumers or involve identify theft, others target businesses, including lawyers and law firms.
Some of these scams involve reports of phony emails and attachments related to COVID-19, such as pandemic maps, emails from IT teams warning of coronavirus awareness and emails containing COVID-19 tools, and these attachments may contain malware designed to compromise firm security. Instances of fake DocuSign links have also been reported.
Many of these kinds of emails and attachments are phishing and include risks that email communications to and from clients may be hacked and that firms may be infected with ransomware. The former can expose firms to loss of client funds (for example, through social engineering) and client information and the latter to loss of firm data, including client information. More information on these and other types of risk can be found in the
March 14, 2019 ALIAlert and the
September 11, 2019 ALIAlert.
Potential scams perpetrated by fraudulent clients, including bad cheque scams, may also increase during this time. An explanation of the typical bad cheque scam, including red flags,
can be found here.
Unfortunately, internal theft of trust funds by employees could also increase. This situation is addressed by the Law Society of Alberta in its
COVID-19 FAQs.
Actions to be Taken
Ways to protect yourself from fraudulent emails include:
- Check embedded hyperlinks by hovering your mouse over the link to verify the address.
- Be wary of clicking on any attachments or links, as they may contain viruses, malware and spyware.
- Protect your computer with antivirus software, spyware filters, email filters and firewall programs.
- Ensure your antivirus software is active and up to date. Regularly schedule scans to search and remove already existing malware.
- Keep your operating system and software up to date.
- Make regular backups of important files.
- Other suggestions for cyber safety are contained in this article provided by Aon Reed Stenhouse.
- The Canadian Centre for Cyber Security has published recent guidance regarding IT systems including how to address the increased risk of ransomware during the COVID-19 pandemic, which is entitled “Cyber threats to Canadian health organizations”. Although it is targeted at medical and health organizations, the Cyber Centre notes the advice and guidance also applies to other Canadian businesses and provides best practices.
Ways to protect yourself from bad cheque scams include:
- If you or your law firm receives any request to handle a legal matter from a client who is from out of the country, consider the possibility that a fraudster is at work.
- Follow these Client Identification and Verification Rules before taking on anyone as a client, as well as the Law Society of Alberta’s current guidance regarding the Rules.
- Hold the funds until your bank confirms they are properly deposited into your trust account by contacting the bank that issued the cheque. Have your bank confirm, in writing, that it is safe to withdraw funds from the deposit. However, even this may not be completely risk free, as banks often reserve the ability to subsequently remove funds from your account.
- Establish protocols for transferring trust funds and adhere to them.
- Inspect email communications for inconsistencies, including contact particulars. Recognize that fraudsters have maintained fake internet sites for Alberta firms where fake contact particulars have been provided.
- If you receive a communication that appears suspicious, please send an email containing details of the message to ALIAlert and, if possible, provide the potential fraudster’s contact information.
- If you think you are being defrauded, the Law Society of Alberta may be able to assist.
|
|
ALIA’s indemnity program covers subscribers against negligence and misappropriation in accordance with the terms of the group policy, but it does not provide coverage against cybercrime. ALIA recommends that all lawyers in Alberta obtain cybercrime coverage.
As previously advised in the
November 21, 2018 ALIAdvisory, to make it easier for Alberta lawyers to purchase cyber insurance, ALIA has arranged with its Broker, Aon Reed Stenhouse, to make available a robust cyber policy called the Beazley Breach Response Policy (the “BBR Policy”) which is available for Alberta lawyers to purchase. For more information on purchasing this insurance coverage, please email
ablawyers@aon.ca.
Cyber insurance can also be obtained from most commercial brokers or from the Canadian Bar Insurance Association/Lawyers Financial (“Lawyers Financial”) and from the Canadian Lawyers Insurance Association (“CLIA”). It is important to note that cyber products do vary and that not all products provide the same coverage.
ALIA remains grateful to Alberta lawyers and firms for their continued reports of potentially fraudulent activities.
|
|
ALIA does not provide legal advice. ALIAdvisory notices, ALIAlerts and the content on ALIA’s website, notices, blogs, correspondence and any other communications are provided for general information purposes only and do not constitute legal or other professional advice or an opinion of any kind. This information is not a replacement for specific legal advice and does not create a solicitor-client relationship.
ALIA may provide links to third-party websites. Links are provided for convenience only; ALIA does not vet or endorse the information contained in linked websites or guarantee its accuracy, timeliness or fitness for a particular purpose.
If you believe that you have been targeted by potentially fraudulent activity, please
contact ALIAlert
.
|
|
|
|
|
|
|