August 20, 2018
Fraudulent Emails Targeting Firms and Clients
An Alberta law firm has reported an attempted fraud which appeared to involve its client’s email being hacked to target a specific purchase and sale transaction. Fraudulent instructions to transfer money in the transaction were both received and sent but the firm and the client uncovered the potential fraud before any funds were sent.

In this case, the client received an email from what appeared to be the firm’s paralegal's account but it was actually the potential fraudster’s. The email asked the client to transfer funds into a (fraudulent) account instead of bringing a bank draft to the firm as had been arranged. The client was sophisticated enough not to do this and contacted the firm. A few days later, the firm’s paralegal received an email from what appeared to be the client's email asking her to transfer funds into an account (the same account as the first attempt) instead of the account to which the firm had been previously instructed. She was suspicious and contacted the client.

The emails were sophisticated and appeared to be from legitimate email accounts, except that they had a small modification to them. In each case the fraud was caught before funds were transferred. The firm checked its email systems and concluded the client’s email account had been hacked.

Over the past two weeks, several other firms have also reported scams that target specific transactions and individuals in their firms.

One firm reported that it was acting for the buyer in a real estate closing and received an email from a potential fraudster using the seller’s firm’s name, requesting to know the amount to be deposited into the seller’s account and to deposit the amount into a trust account that the potential fraudster was going to provide. The email address looked like the seller’s lawyer’s and was received the day of the closing. The firm was suspicious and contacted the seller’s law firm, who confirmed they had not sent the email.

In another report, a firm received a suspicious email from a potential client in the USA requesting help to enforce a Japanese settlement agreement against her ex-husband in Edmonton. The email was specifically addressed to one of the firm’s lawyers and attached a (presumably fake) Japanese divorce decree, settlement agreement and passport copy. This raised a number of cheque scam red flags to the lawyer who received it. Yet another firm reported a typical looking fake cheque scam email, but the text of the email itself was specifically addressed to the individual within the firm that received it.

Finally, a fifth firm reported that individuals in the firm have been receiving emails “Re: Are you in the office?” from an email account that looks like it is from another member of the firm. The emails, if responded to, request funds including for business development purposes.

All of these cases are specifically targeting the firms and their clients, or specific transactions, as opposed to fake cheque scams that involve general phishing emails that are sent to Alberta lawyers on a continuous basis.  

Fraud Prevention

A number of approaches can help prevent these kinds of fraud. For instance:

  • Any change in banking instructions should be an immediate and major red flag. It is rare to recover funds once disbursed, even in cases of fraud.
  • Discourage/eliminate the acceptance of banking details or wire transfer instructions via email.
  • If banking instructions must be received by email, you MUST confirm such details, especially any change in banking instructions, with the other party by telephone using confirmed contact information before disbursing monies (i.e. do not use contact information received via email).
  • Consider that emails received from a potential fraudster may appear to be identical to the legitimate email address. While you should keep an eye out for inconsistencies that may indicate a fraudulent email (for example, email address slightly different from known email address, details within email that are inconsistent with file, poor grammar, spelling and formatting errors, unexpected foreign address, contact information that does not match client file records), do not assume that a fraudulent email can always be identified in this manner.
  • If a party’s email becomes hacked, cease to correspond with this party via email until their email is confirmed to be secure.
  • If your law firm is the party that was hacked, immediately contact your IT professional and immediately stop using email until your IT professional advises otherwise.
  • If you or your law firm receive any request to handle a legal matter from a client who is from out of the country, consider the possibility that a fraudster is at work. To help protect yourself, follow these Client Identification and Verification Rules before taking on anyone as client. 

Other ways to protect yourself from fraudulent emails include:

  • Check embedded hyperlinks by hovering your mouse over the link to verify the address. 
  • Be wary of clicking on any attachments or links, they may contain viruses, malware and spyware.
  • Protect your computer with anti-virus software, spyware filters, email filters and firewall programs.
  • Ensure your anti-virus software is active and up to date. Regularly schedule scans to search and remove already existing malware.
  • Keep your operating system and software up to date.
  • Make regular back-ups of important files.
The Alberta Lawyers Insurance Association provides the ALIAlert service to all Alberta lawyers participating in the insurance program. If you believe that you have been targeted by potential fraudulent activity, please contact  ALIAlert  so that we may alert other members of the profession and avoid losses that increase the cost of everyone’s insurance.