I’ve talked about the new versions of the Nigerian e-mail scams targeting lawyers, but now there’s an even newer scam that lawyers need to be aware of.
This new threat, referred to as a “Business Email Compromise” scheme, entails a hacker breaking into the lawyer’s email account, monitoring the emails for some period of time, and waiting for a transaction involving a wire transfer to be discussed.
Once a transaction is identified, the scammer will then send a fake email (using a slightly modified e-mail address) that appears legitimate (at a glance) from one of the parties, but directs the party holding the funds to wire those funds to a different account than previously discussed. This new account is one controlled by the scammer.
If you think this can’t happen to you, then read this Complaint filed in Davidson County Chancery Court on April 26, 2016 (link here: 201604271031.). In that lawsuit, the scammers diverted nearly $900,000 from two property closings in March 2016 using emails that were slight variations of the real accounts.
Instead of “email@example.com”, they used “firstname.lastname@example.org”; Instead of “email@example.com”, they used “firstname.lastname@example.org.”
Using these fake email accounts, the scammers sent the closing agent “follow-up” emails, presenting new wire recipient account information. By the time the fraud was discovered, the money was gone, and the only parties left to sue were–you guessed it–the closing attorneys who didn’t notice the changes in the emails.
Here are some red flags to watch for:
- A last second change in wire instructions;
- The change in wire instructions is made only via email;
- A request that funds be released earlier or on an expedited basis;
- The request uses broken English or bad grammar;
- The new wire instructions uses an offshore institution or an institution you’ve never heard of; or
- The new wire instructions involves payment to a person/party not previously in the transaction.
Some best practices in these situations are to:
- Include wire instructions as part of, attached, and incorporated into the settlement statement personally executed by the parties; and
- Before wiring any funds, verify the accuracy of the existing (or new) wire transfer instructions by a telephone call to the proper party receiving the funds (not the potentially fraudulent address on the e-mail or potentially fraudulent telephone number included in the e-mail).
As lawyers incorporate new technologies into their practices, so do the ways that scammers can use that technology against lawyers. Watch out.